Personal Data Protection and Processing Policy of Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi

Document Information
Document Name:	Personal Data Protection and Processing Policy of Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi
Target Audience:	All individuals whose personal data is processed by Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi
Reference / Reason:	Law No. 6698 on the Protection of Personal Data and related secondary regulations.
Approved by:	Chief Financial Officer and Chief Legal Advisor of Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi.

In case of any discrepancy between the Turkish version of this Personal Data Protection and Processing Policy and any translated version, the Turkish text shall prevail.

This document may not be reproduced or distributed without the written permission of Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi.

PRIVACY POLICY OF ARABA SEPETİ OTOMOTİV BİLİŞİM DANIŞMANLIK HİZMETLERİ SANAYİ VE TİCARET ANONİM ŞİRKETİ

1. PURPOSE AND PRIVACY COMMITMENT OF THE POLICY

2. SCOPE OF THE POLICY

3. DEFINITIONS

4. BASIC PRINCIPLES OF PROCESSING PERSONAL DATA

5. PROCESSING OF PERSONAL DATA

6. PROCESSING OF SENSITIVE PERSONAL DATA

7. PERSONAL DATA PROCESSED BY THE COMPANY AND PURPOSES OF PROCESSING

8. STORAGE PERIOD AND ERASURE OF PERSONAL DATA

9. TRANSFER OF PERSONAL DATA

10. TRANSFER OF SENSITIVE PERSONAL DATA

11. COMPANY'S OBLIGATION TO INFORM

12. RIGHTS OF DATA SUBJECTS

13. MANAGEMENT AND SECURITY OF PERSONAL DATA

14. AUDIT

15. RESPONSIBILITIES

16. CHANGES TO THE POLICY

17. EFFECTIVE DATE OF THE POLICY

ANNEX 1 - Categories of Personal Data and Purposes of Processing Personal Data

PRIVACY POLICY OF ARABA SEPETİ OTOMOTİV BİLİŞİM DANIŞMANLIK HİZMETLERİ SANAYİ VE TİCARET ANONİM ŞİRKETİ

PURPOSE AND PRIVACY COMMITMENT OF THE POLICY

Protecting your fundamental rights and freedoms, including the privacy of your personal life, and ensuring the security of your personal data processing are among the top values and objectives of Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi ("Company"). In this regard, the Personal Data Protection and Processing Policy ("Policy") of Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi outlines the principles adopted by our company in carrying out personal data processing activities and the fundamental principles adopted by our company in terms of compliance with relevant secondary regulations and practices, especially the Law on Protection of Personal Data numbered 6698. Through this Policy, our company provides you with information and ensures necessary transparency as data subjects.

Within this scope, our company pledges to process and protect your personal data in compliance with the relevant legislation, this Policy, and the procedures to be applied in accordance with this Policy, with a full sense of responsibility.

SCOPE OF THE POLICY

This Policy pertains to all natural persons whose personal data is processed, whether automatically or non-automatically, or as part of any data recording system, as well as all personal data processed by the Company.

This Policy covers all data processing activities related to personal data carried out by the Company and applies to such activities.

This Policy does not apply to data that does not have the characteristics of personal data.

This Policy may be amended from time to time, with the approval of the Chief Financial Officer and Chief Legal Counsel, if required by relevant legislation or deemed necessary by the Company.

In the event of any inconsistency between relevant legislative regulations and this Policy, the relevant legislative regulations shall prevail.

DEFINITIONS

In this Policy, the following definitions have the following meanings:

“Explicit Consent"	Consent based on informed knowledge of a specific matter and declared with free will.
“Obligation to Inform”	The obligation of Data Controller or authorized persons on behalf of the Company to inform Data Subjects in accordance with Article 10 of the Law on the Protection of Personal Data and the Communique on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform.
“Data Subject”	Natural persons whose Personal Data is processed by the Company or persons/entities authorized by the Company.
“Destruction”	Deletion, destruction, or anonymization of Personal Data.
“Personal Data”	Any kind of information related to an identified or identifiable real person (the term "Personal Data" within the scope of this Policy also covers "Sensitive Personal Data" as defined below).
“Processing of Personal Data”	Any operation performed on Personal Data, whether wholly or partially automated or not, such as obtaining, recording, storing, preserving, altering, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of it in any way.
“Committee”	Company's Personal Data Protection Committee,
“Board”	Personal Data Protection Board,
“Authority”	Personal Data Protection Authority,
“DPL”	Law on Protection of Personal Data numbered 6698,
“DPL Regulations”	All relevant regulations concerning the protection of Personal Data in force, including but not limited to DPL, decisions of the Board, guides of the Authority, public announcements, other regulatory and supervisory authority decisions/instructions, and all regulations on the protection of personal data that may be issued in the future.
“DPL Policies"”	Policies issued by the Company regarding the protection of Personal Data.
“DPL Procedures”	Procedures that determine the obligations to be complied with under the DPL Policies for the Company, Company employees, and the Committee.
“Sensitive Personal Data”	Data related to an individual's race, ethnicity, political opinion, philosophical belief, religion, sect, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.
“Data Processor”	A natural or legal person who processes Personal Data on behalf of the Data Controller based on the authority granted by the Data Controller.
“Data Controller”	A natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

BASIC PRINCIPLES OF PROCESSING PERSONAL DATA

Processing Personal Data in Compliance with the Law and Honesty Rules

The Company processes Personal Data in compliance with the law and honesty rules, based on the principle of proportionality. The Company processes Personal Data within the scope required by the Company's business activities and limited to such activities.

Ensuring the Accuracy and Timeliness of Personal Data

The Company takes all necessary measures to ensure that Personal Data remains complete, accurate, and up-to-date throughout the processing period. In this context, the Company establishes the necessary mechanisms to verify and update the accuracy and timeliness of Personal Data, in accordance with the requests for changes to Personal Data by the Data Subject within the scope of DPL Regulations.

Processing Personal Data for Specific, Explicit, and Legitimate Purposes

Before processing Personal Data, the Company determines the purposes for which the Personal Data will be processed. In this context, the Company clearly defines the purposes of processing Personal Data and processes Personal Data within the scope of these purposes, which are related to its business activities. In accordance with the DPL Regulations, Data Subjects are informed in this regard, and their Explicit Consent is obtained when necessary.

Relevance, Limitation, and Proportionality of Personal Data Processing with the Purpose

The Company collects and processes Personal Data only to the extent and in the manner required by its business activities and limited to the defined purposes. In this regard, the Company avoids processing Personal Data that is irrelevant to the realization of the defined purposes or is unnecessary.

Retention of Personal Data for the Period Foreseen in Relevant Legislation or for the Purpose for Which They Were Processed

The Company retains Personal Data for the period necessary for the purposes for which they were processed and as prescribed by relevant legal regulations. In this context, the Company first determines whether there is a specified period for the storage of Personal Data in the relevant legislation and, if a period is specified, complies with that period. If there is no legal requirement for retention, Personal Data is kept for the duration necessary for the purpose of processing.

Personal Data is destroyed at the end of the determined retention periods, in accordance with periodic Destruction periods or in response to requests from Data Subjects, using the specified Destruction methods (deletion and/or destruction and/or anonymization). In this case, the Company ensures that third parties to whom Personal Data has been transferred also delete, destroy, or anonymize the Personal Data.

The Technology and Product Technologies Department and the Committee are responsible for managing the Destruction processes. In this context, the necessary Destruction procedures are created by the Committee.

PROCESSING OF PERSONAL DATA

Personal Data may only be processed by the Company under the following principles and procedures:

Explicit Consent

Personal Data is processed only with the Explicit Consent of the Data Subject when none of the other conditions for processing Personal Data listed below exist.

In this case, Personal Data is processed after informing the Data Subjects in compliance with the Obligation to Inform and obtaining their Explicit Consent with their free will.

Explicit Consents are retained by the Company in a provable manner in accordance with the DPL Regulations throughout the required period.

The Committee is responsible for fulfilling the Obligation to Inform and, when necessary, obtaining Explicit Consent for all Personal Data Processing processes. All Company employees processing Personal Data are obliged to comply with the Committee's instructions, this Policy, and DPL Procedures.

Clearly Provided in the Law

If the Personal Data Processing is clearly provided in the law concerning the processing of Personal Data, in other words, if there is a clear provision in the relevant law regarding the processing of Personal Data, then Personal Data is processed within the scope of this data processing condition.

Impossibility of Obtaining Explicit Consent Due to Actual Impossibility

If it is compulsory to process Personal Data to protect the life or bodily integrity of the Data Subject or someone else due to actual impossibility to obtain Explicit Consent because they cannot explain their Explicit Consent or their Explicit Consent cannot be considered valid, then the Personal Data of the Data Subject is processed within the scope of this data processing condition.

Directly Related to the Establishment or Performance of a Contract

If Personal Data Processing is necessary, provided that it is directly related to the establishment or performance of a contract to which the Data Subject is a party, then the Personal Data of the Data Subject is processed within the scope of this data processing condition.

Fulfillment of the Company's Legal Obligation

If it is compulsory to process Personal Data for the Company to fulfill its legal obligations, then the Personal Data of the Data Subject is processed within the scope of this data processing condition.

Public Disclosure of the Data Subject's Personal Data

If the Data Subject has made their Personal Data public, then the Personal Data is processed to the extent required for the purpose of making it public.

Necessity of Processing Personal Data for the Establishment or Protection of a Right

If it is necessary to process Personal Data for the establishment, exercise, or protection of a right, then the Personal Data of the Data Subject is processed within the scope of this data processing condition.

Necessity of Processing Personal Data for the Legitimate Interests of the Company

If the processing of Personal Data is compulsory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the Data Subject, then the Personal Data of the Data Subject is processed within the scope of this data processing condition.

PROCESSING OF SENSITIVE PERSONAL DATA

Sensitive Personal Data is processed by the Company in compliance with the principles and procedures specified in this Policy and, if necessary, by taking all required administrative and technical measures, including the methods determined by the Board, under the following conditions:

For Sensitive Personal Data other than health and sexual life: Sensitive Personal Data other than data related to health and sexual life may be processed without obtaining the Explicit Consent of the Data Subject, provided that it is clearly stipulated in the laws, in other words, if there is a clear provision in the relevant law regarding the processing of Personal Data.

For Sensitive Personal Data related to health and sexual life: Sensitive Personal Data related to health and sexual life may be processed without obtaining the Explicit Consent of the Data Subject for purposes such as protecting public health, performing preventive medicine, carrying out medical diagnosis, treatment, and care services, planning and managing health services and their financing, and when there is an obligation to maintain confidentiality (e.g., company doctors working under the Company's payroll) or by authorized institutions and organizations. Otherwise, the presence of the Explicit Consent of the Data Subject is required for the processing of Sensitive Personal Data related to health and sexual life, as well as for Sensitive Personal Data other than health and sexual life.

Regarding employees involved in the Sensitive Personal Data processing processes, the Company:

Provides regular training on the security of Sensitive Personal Data in accordance with DPL Regulations.

Establishes confidentiality agreements.

Clearly defines the scope and duration of the authorization of users with access to Sensitive Personal Data.

Conducts periodic authorization checks.

Immediately revokes the privileges of employees who undergo changes in their roles or leave the company in this field and retrieves the inventory allocated to the relevant employee.

In the case of electronic transfer of Sensitive Personal Data, the Company:

Safeguards Sensitive Personal Data using cryptographic methods.

Keeps cryptographic keys secure and in different environments.

Securely logs all actions performed on Sensitive Personal Data.

Continuously monitors security updates for the environments where Sensitive Personal Data is stored, conducts necessary security tests regularly or as needed, and records test results.

Manages user authorizations for software used to access Sensitive Personal Data, conducts regular security tests for these software tools, and records test results.

Implements at least a two-step authentication system in case of remote access to Sensitive Personal Data.

In case Sensitive Personal Data is processed in a physical environment, the Company:

Takes adequate security measures against various risks such as electrical leakage, fire, flooding, and theft.

Ensures the physical security of these environments and prevents unauthorized access.

In case of transferring Sensitive Personal Data, the Company:

Uses encrypted corporate email addresses or Registered Electronic Mail (KEP) accounts if it is necessary to transmit Sensitive Personal Data via email.

Encrypts Sensitive Personal Data using cryptographic methods and keeps cryptographic keys in a different environment if it is necessary to transfer data via portable memory, CD, DVD, or similar media.

Establishes a VPN between servers or uses the SFTP method for data transfer if it is necessary to transfer Sensitive Personal Data between servers in different physical environments.

Takes necessary precautions against risks such as theft, loss, or unauthorized access when transferring Sensitive Personal Data in paper format and sends documents in the format of "classified documents."

In addition to the above regulations, the Committee is responsible for ensuring the security of Sensitive Personal Data by taking measures in accordance with DPL Regulations, including the Personal Data Security Guide published by the Authority, and establishing mechanisms for this purpose.

PERSONAL DATA PROCESSED BY THE COMPANY AND PROCESSING PURPOSES

At the Company, in accordance with the Personal Data Protection Legislation, the Data Subjects are informed, and Personal Data is processed limitedly based on at least one of the Personal Data processing conditions specified in Articles 5 and 6 of the DPL (particularly the principles stated in Article 4 of the DPL concerning the Processing of Personal Data) and in compliance with the general principles specified in the DPL. Detailed information about the categories of Personal Data processed and the purposes of Personal Data processing, in line with the purposes and conditions stated in this Policy, can be found in Annex 1 of this Policy (Annex 1 - Categories of Personal Data and Purposes of Processing Personal Data).

STORAGE PERIOD AND DESTRUCTION OF PERSONAL DATA

The Company retains Personal Data for the period necessary for the purpose of processing and the minimum period stipulated by relevant legal regulations. In this context, the Company first determines whether there is a period prescribed by the relevant legislation for the retention of Personal Data and, if a period is specified, acts in accordance with that period. If there is no legal retention period, Personal Data is retained for the period required for the purpose of processing. Personal Data is not retained by the Company in any way for potential future use.

The Company establishes a Personal Data retention and destruction policy in accordance with the Personal Data processing inventory, and conducts all destruction activities (deletion and/or destruction and/or anonymization) in compliance with the Personal Data retention and destruction policy related to the Personal Data Protection Legislation. Personal Data is destroyed at the end of the storage periods determined in accordance with the established Personal Data retention and destruction policy, in line with periodic destruction periods or upon the request of the Data Subject, using the specified destruction methods (deletion and/or destruction and/or anonymization). The Technology and Product Department and the Committee are responsible for managing the destruction processes. In this regard, the necessary procedures are established by the Committee.

TRANSFER OF PERSONAL DATA

The Company may transfer Personal Data of Data Subjects to third parties located domestically and/or abroad in compliance with the Personal Data Protection Legislation, by taking the necessary security measures for the lawful processing purposes of Personal Data. In this case, protective provisions are added to the contracts concluded with third parties.

Even if the Data Subject's Explicit Consent is not available, Personal Data may be transferred to third parties by the Company in compliance with the Personal Data Protection Legislation with the necessary administrative and technical measures in place, provided that one or more of the following conditions exist:

The relevant activities for the transfer of Personal Data are explicitly prescribed by laws.
The transfer of Personal Data by the Company is directly related and necessary for the establishment or performance of a contract.
The transfer of Personal Data is mandatory for the Company to fulfill its legal obligations.
Personal Data is transferred by the Company in a limited manner for the purpose of making it public by the Data Subject.
The transfer of Personal Data by the Company is necessary for the establishment, exercise, or protection of rights of the Company, Data Subject, or third parties.
Without prejudice to the fundamental rights and freedoms of the Data Subject, it is necessary for the legitimate interests pursued by the Company to carry out Personal Data transfer activities.
The transfer of Personal Data by the Company is necessary for the protection of life or physical integrity of the Data Subject or another person, and the Data Subject is unable to disclose his/her consent due to actual impossibility or his/her consent has no legal validity.

In addition to the above, Personal Data may be transferred to foreign countries that have been declared by the Board as having adequate protection ("Foreign Country with Adequate Protection") if any of the above conditions are met. In case of the absence of adequate protection, Personal Data may be transferred to foreign countries where the Data Controllers in Turkey and the relevant foreign country undertake adequate protection in writing and with the permission of the Board, in accordance with the data transfer conditions specified in the legislation in both Turkey and the relevant foreign country ("Country in which Data Controller Undertake to Provide Adequate Protection").

TRANSFER OF SENSITIVE PERSONAL DATA

Sensitive personal data may be transferred by the Company in compliance with the principles set forth in this Policy and by taking any necessary administrative and technical measures, including the methods determined by the Board, provided that the following conditions exist:

Sensitive personal data other than data related to health and sexual life may be processed without the explicit consent of the data subject if it is explicitly prescribed by laws, in other words, if there is a clear provision in the relevant law regarding the processing of personal data.
Sensitive personal data related to health and sexual life may be processed without the explicit consent of the data subject by persons or authorized public institutions and organizations that have confidentiality obligation, for the purposes of protecting public health, carrying out preventive medicine, medical diagnosis, treatment, and care services, planning and managing health services and their financing, and provided that it is processed by authorized persons or institutions and organizations, without seeking explicit consent, in cases stipulated by laws, and for the purposes specified in relevant legislation.

In addition to the above, sensitive personal data may be transferred to foreign countries that have been declared by the Board as having adequate protection ("Adequate Protection Foreign Country") if any of the above conditions are met. In case of the absence of adequate protection, sensitive personal data may be transferred to foreign countries where the Data Controllers in Turkey and the relevant foreign country undertake adequate protection in writing and with the permission of the Board, in accordance with the data transfer conditions specified in the legislation in both Turkey and the relevant foreign country ("Foreign Country with Adequate Protection Undertaking Data Controller").

THE COMPANY'S OBLIGATION TO INFORM

The Company informs the Data Subjects in accordance with Article 10 of the DPL and the provisions of the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform. In this context, the Company, in compliance with the DPL regulations, informs the Data Subjects about who processes their Personal Data as the Data Controller, the purposes of processing, with whom and for what purposes their Personal Data is shared, the methods of collection, the legal basis for processing, and the rights of the Data Subjects regarding the processing of their Personal Data.

All new Personal Data processing processes are reported to the Committee for the purpose of creating necessary procedures in accordance with the DPL.

In cases where the Data Processor is a third party other than the Company, a written agreement is made with the third party before starting the processing of Personal Data, ensuring that the third party complies with the obligations mentioned above. In the event of Personal Data transfer by a third party to the Company, each employee is responsible for going through the process as outlined in this Policy and the DPL Procedures.

RIGHTS OF DATA SUBJECTS

Data Subjects have the following rights:

To learn whether their Personal Data is processed or not.
To request information if their Personal Data has been processed.
To learn the purpose of the processing of Personal Data and whether these are used in accordance with their purpose.
To know the third parties to whom their Personal Data is transferred, either domestically or abroad.
To request the correction of Personal Data if it is incomplete or incorrectly processed and to request the notification of this correction to third parties to whom the Personal Data has been transferred.
To request the deletion or destruction of Personal Data in the event that the reasons requiring their processing cease to exist, despite being processed in accordance with the DPL and other relevant laws, and to request the notification of this deletion or destruction to third parties to whom the Personal Data has been transferred.
To object to the occurrence of a result against the person themselves by exclusively analyzing their processed data through automated systems.
To request the compensation of damages in case of suffering damage due to the unlawful processing of Personal Data.

Data Subjects can submit their requests related to these rights to the Company using the methods specified by the Data Protection Authority. In this regard, the Data Subject Application Form of Araba Sepeti Otomotiv Bilişim Danışmanlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi, which can be accessed at www.carvakbiz.com/tr/privacy-policy, can be utilized. However, in any case, the current application methods and application content should be checked from the relevant legislation before the application, and applications should be made in accordance with these procedures and principles.

If Data Subjects submit their requests regarding the rights listed above to the Company in writing, the Company shall conclude the request within a maximum of 30 (thirty) days free of charge in accordance with the DPL Regulations. In case there is an additional cost for the processing of requests, the fees specified in the tariff determined by the Data Protection Board may be requested by the Data Controller.

PERSONAL DATA MANAGEMENT AND SECURITY

The Company establishes a Committee to fulfill its obligations under the DPL Regulations, to prepare and implement the necessary DPL Procedures for the application of this Policy, to monitor them, and to make recommendations for their operation.

The Company takes all necessary administrative and technical measures to ensure the security of Personal Data in accordance with the DPL Regulations. In this context, the Company monitors the processing of Personal Data activities with technical systems based on technological capabilities and application costs.

Knowledgeable personnel are employed for technical matters related to the processing of Personal Data activities.

Company employees are informed and trained on the protection and lawful processing of Personal Data.

Necessary DPL Procedures are established and the Committee is responsible for their creation and implementation to ensure the access of Company employees to Personal Data.

Company employees can access Personal Data only within the scope of the authority assigned to them and in accordance with the relevant DPL Procedures.

If Company employees suspect that the security of Personal Data is not sufficiently ensured or detect such a security vulnerability, they immediately report the situation to the Committee.

Detailed DPL Procedures for the security of Personal Data are created by the Committee.

Any individual who is allocated a Company device is responsible for the security of the devices allocated for their use.

Each Company employee is responsible for the security of physical files within their area of responsibility.

If there are security measures requested or additionally requested for the security of Personal Data within the scope of the DPL Regulations, all employees are obliged to comply with these additional security measures and ensure the continuity of these security measures.

All Personal Data processed within the Company is considered "Confidential Information" by the Company.

Company employees are informed that their obligations regarding the security and confidentiality of Personal Data will continue after the termination of the employment relationship, and a commitment is obtained from Company employees to comply with these rules.

AUDIT

The Company has the right to conduct regular and unannounced audits at any time to ensure that all employees of the Company and Data Processors comply with the DPL Regulations, this Policy, and the DPL Procedures, and the Company performs all necessary routine audits in this context. The Committee creates DPL Procedures for these audits and ensures the implementation of these procedures.

RESPONSIBILITIES

The Committee responsible for the preparation, revision, and implementation of this Policy is appointed by the decision of the Chief Financial Officer and the Chief Legal Counsel, and any changes in this regard are also made through the same process.

POLICY AMENDMENTS

This Policy may be amended from time to time by the Company with the approval of the Chief Financial Officer and Chief Legal Counsel.

The Company makes the current version of the Policy available to Data Subjects at the following website address:

Website Address: www.carvakbiz.com/tr/privacy-policy

POLICY EFFECTIVE DATE

This version of the Policy has entered into force upon approval by the Company's Finance Department and Legal Department.

ANNEX 1 - Categories of Personal Data and Purposes of Processing Personal Data

Personal Data Category	Kişisel Veri’lerin İşlenme Amaçları
Identity Data	Emergency Management Process Execution Information Security Process Execution Execution of Employee Candidate / Intern / Student Selection and Placement Processes Execution of Employee Candidates' Application Processes Execution of Employee Satisfaction and Loyalty Processes Fulfillment of Employment Contracts and Legal Obligations for Employees Execution of Additional Rights and Benefits Processes for Employees Execution of Audit / Ethical Activities Execution of Training Activities Execution of Access Authorization Compliance with Legal Requirements in the Execution of Activities Execution of Finance and Accounting Matters Execution of Loyalty to Company / Products / Services Processes Ensuring Physical Space Security Execution of Assignment Processes Follow-up and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Planning of Human Resources Processes Execution / Monitoring of Business Activities Execution of Occupational Health / Safety Activities Gathering and Evaluation of Suggestions for Business Process Improvement Execution of Business Continuity Activities Execution of Logistics Activities Execution of Procurement Processes for Goods / Services Execution of After-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Goods / Services Production and Operations Processes Execution of Customer Relationship Management Processes Execution of Activities for Customer Satisfaction Organization and Event Management Execution of Marketing Analysis Studies Execution of Performance Evaluation Processes Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Social Responsibility and Civil Society Activities Execution of Contract Processes Execution of Sponsorship Activities Execution of Strategic Planning Activities Tracking of Requests / Complaints Ensuring the Security of Movable Assets and Resources Execution of Supply Chain Management Processes Execution of Compensation Policy Execution of Product / Service Marketing Processes Ensuring the Security of Data Controller Operations Execution of Investment Processes Execution of Talent / Career Development Activities Providing Information to Authorized Individuals, Institutions, and Organizations Execution of Management Activities Creation and Tracking of Visitor Records Other - Execution of Website / Mobile Application Membership Procedures
Communication Data	Communication Data Execution of Emergency Management Processes Execution of Information Security Processes Execution of Employee Candidate / Intern / Student Selection and Placement Processes Execution of Employee Candidate Application Processes Execution of Employee Satisfaction and Loyalty Processes Fulfillment of Employment Contracts and Legal Obligations for Employees Execution of Employee Benefits and Welfare Processes Execution of Audit / Ethics Activities Execution of Training Activities Execution of Access Authorization Processes Compliance of Activities with Legislation Execution of Finance and Accounting Affairs Execution of Loyalty to Company / Product / Service Processes Execution of Assignment Processes Tracking and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Planning of Human Resources Processes Execution / Auditing of Business Activities Execution of Occupational Health and Safety Activities Collection and Evaluation of Suggestions for Improving Business Processes Execution of Business Continuity Activities Execution of Logistics Activities Execution of Procurement Processes Execution of After-Sales Support Services Execution of Sales Processes for Goods / Services Execution of Product / Service Production and Operations Processes Execution of Customer Relationship Management Processes Execution of Activities for Customer Satisfaction Organization and Event Management Execution of Marketing Analysis Studies Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Social Responsibility and Civil Society Activities Execution of Contract Processes Execution of Sponsorship Activities Execution of Strategic Planning Activities Tracking of Requests / Complaints Ensuring the Security of Movable Assets and Resources Execution of Supply Chain Management Processes Execution of Product / Service Marketing Processes Ensuring the Security of Data Controller Operations Execution of Investment Processes Execution of Talent / Career Development Activities Providing Information to Authorized Individuals, Institutions, and Organizations Execution of Management Activities Other - Execution of Website / Mobile Application Membership Procedures
Location Data	Execution of Audit / Ethics Activities Tracking and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Marketing Analysis Studies Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Product / Service Marketing Processes Providing Information to Authorized Individuals, Institutions, and Organizations
Employee Data	Execution of Emergency Management Processes Execution of Information Security Processes Execution of Employee Satisfaction and Loyalty Processes Fulfillment of Employee Rights and Obligations Arising from Employment Contracts and Legislation Execution of Employee Benefits and Incentives Processes Execution of Audit / Ethical Activities Execution of Training Activities Execution of Access Permissions Compliance of Activities with Legislation Execution of Financial and Accounting Affairs Execution of Loyalty to Company / Product / Service Processes Ensuring Physical Premises Security Execution of Assignment Processes Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Planning of Human Resources Processes Execution and Audit of Business Activities Execution of Occupational Health and Safety Activities Collection and Evaluation of Proposals for Improving Business Processes Execution of Business Continuity Activities Execution of Logistics Activities Execution of Procurement Processes for Goods / Services Execution of After-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Goods / Services Production and Operations Processes Execution of Customer Relationship Management Processes Organization and Event Management Execution of Performance Evaluation Processes Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Contract Processes Execution of Strategic Planning Activities Tracking of Requests / Complaints Ensuring the Security of Movable Assets and Resources Execution of Supply Chain Management Processes Execution of Salary Policy Ensuring the Security of Data Controller Operations Execution of Investment Processes Execution of Talent / Career Development Activities Providing Information to Authorized Individuals, Institutions, and Organizations Execution of Management Activities
Legal Transaction Data	Fulfillment of Employee Rights and Obligations Arising from Employment Contracts and Legislation Execution of Audit / Ethical Activities Compliance of Activities with Legislation Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution and Audit of Business Activities Execution of Procurement Processes for Goods / Services Execution of Sales Processes for Goods / Services Execution of Storage and Archive Activities Execution of Contract Processes Execution of Sponsorship Activities Execution of Strategic Planning Activities Providing Information to Authorized Individuals, Institutions, and Organizations Other - Execution of Internet Site / Mobile Application Membership Processes
Customer Transaction Data	Audit / Ethical Activities Management Conducting Activities in Compliance with Regulations Financial and Accounting Affairs Management Commitment to Company / Product / Service Processes Legal Affairs Monitoring and Management Internal Audit / Investigation / Intelligence Activities Management Communication Activities Management Business Activities Execution / Auditing Receiving and Evaluating Suggestions for Business Process Improvement Logistics Activities Management Post-Sale Support Services Management Sales Processes Management for Goods / Services Production and Operations Processes Management Customer Relationship Management Activities for Customer Satisfaction Conducting Marketing Analysis Studies Advertisement / Campaign / Promotion Process Management Storage and Archiving Activities Management Contract Processes Management Strategic Planning Activities Management Tracking Requests / Complaints Management of Product / Service Marketing Processes Providing Information to Authorized Individuals, Institutions, and Organizations
Physical Space Security	Compliance with Employee Labor Contracts and Legal Obligations Conducting Audits / Ethical Activities Management of Access Permissions Ensuring Compliance of Activities with Regulations Provision of Physical Space Security Monitoring and Execution of Legal Affairs Internal Auditing / Investigation / Intelligence Activities Planning of Human Resources Processes Management of Storage and Archive Activities Ensuring the Security of Tangible Assets and Resources Ensuring the Security of Data Controller Operations Providing Information to Authorized Individuals, Institutions, and Organizations Creation and Monitoring of Visitor Records
Transaction Security Data	Information Security Process Management Compliance with Employee Contract and Legal Obligations Conducting Audit/Ethical Activities Management of Access Rights Conducting Activities in Compliance with Regulations Commitment to Company/Product/Service Monitoring and Execution of Legal Affairs Internal Audit/Investigation/Intelligence Activities Planning Human Resources Processes Execution and Audit of Business Activities Receiving and Evaluating Suggestions for Business Process Improvement Execution of Business Continuity Activities Execution of Procurement Processes for Goods/Services Execution of Post-Sales Support Services for Goods/Services Execution of Sales Processes for Goods/Services Management of Customer Relationship Processes Execution of Activities for Customer Satisfaction Conducting Marketing Analysis Studies Execution of Advertising/Campaign/Promotion Processes Execution of Storage and Archive Activities Execution of Contract Processes Tracking Requests/Complaints Execution of Product/Service Marketing Processes Ensuring Data Controller Operations Security Providing Information to Authorized Individuals, Institutions, and Organizations Other - Execution of Website/Mobile Application Membership Procedures
Financial Data	Compliance with Employee Contracts and Legal Obligations Conducting Audits and Ethical Activities Conducting Activities in Compliance with Regulations Execution of Finance and Accounting Tasks Monitoring and Execution of Legal Affairs Conducting Internal Audits, Investigations, and Intelligence Activities Execution and Oversight of Business Activities Execution of Procurement Processes for Goods/Services Execution of Post-Sales Support Services for Goods/Services Execution of Sales Processes for Goods/Services Execution of Production and Operational Processes for Goods/Services Execution of Storage and Archive Activities Execution of Contract Processes Execution of Sponsorship Activities Implementation of Compensation Policy Execution of Investment Processes Providing Information to Authorized Individuals, Institutions, and Organizations
Professional Experience Data	Execution of Emergency Management Processes Execution of Information Security Processes Execution of Employee Candidate / Intern / Student Selection and Placement Processes Execution of Employee Candidate Application Processes Execution of Employee Satisfaction and Loyalty Processes Execution of Legal Obligations for Employees in Terms of Employment Contracts and Legislation Execution of Audit and Ethical Activities Execution of Training Activities Execution of Access Authorization Processes Execution of Activities in Compliance with Regulations Execution of Processes Related to Loyalty to Company / Product / Service Execution of Assignment Processes Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Planning of Human Resources Processes Execution and Auditing of Business Activities Execution of Occupational Health and Safety Activities Receipt and Evaluation of Proposals for Improving Business Processes Execution of Business Continuity Activities Execution of Logistics Activities Execution of Procurement Processes for Goods/Services Execution of Post-Sales Support Services for Goods/Services Execution of Sales Processes for Goods/Services Execution of Production and Operational Processes for Goods/Services Execution of Customer Relationship Management Processes Organization and Event Management Execution of Marketing Analysis Studies Execution of Performance Evaluation Processes Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Social Responsibility and Civil Society Activities Execution of Contract Processes Execution of Sponsorship Activities Execution of Strategic Planning Activities Monitoring and Tracking of Requests/Complaints Ensuring the Security of Tangible Assets and Resources Execution of Supply Chain Management Processes Execution of Marketing Processes for Products/Services Ensuring the Security of Data Controller Operations Execution of Investment Processes Execution of Talent/Career Development Activities Providing Information to Authorized Individuals, Institutions, and Organizations Execution of Management Activities Execution of Other - Website / Mobile Application Membership Processes
Marketing Data	Execution of Audit and Ethical Activities Execution of Processes Related to Loyalty to Company / Product / Service Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Organization and Event Management Execution of Marketing Analysis Studies Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Marketing Processes for Products/Services Providing Information to Authorized Individuals, Institutions, and Organizations
Visual and Audio Data	Execution of Candidate / Intern / Student Selection and Placement Processes Execution of Candidate Application Processes Execution of Employee Satisfaction and Engagement Processes Compliance with Employment Contracts and Legal Obligations for Employees Execution of Audit and Ethical Activities Execution of Training Activities Execution of Activities in Compliance with Regulations Execution of Processes Related to Loyalty to Company / Product / Service Ensuring Physical Space Security Execution of Assignment Processes Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Planning Human Resources Processes Execution and Audit of Business Activities Execution of Occupational Health and Safety Activities Collection and Evaluation of Suggestions for Improving Business Processes Execution of Business Continuity Activities Execution of Procurement Processes for Goods / Services Execution of Post-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Product / Service Production and Operation Processes Execution of Customer Relationship Management Processes Execution of Activities for Customer Satisfaction Organization and Event Management Execution of Marketing Analysis Studies Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Social Responsibility and Civil Society Activities Execution of Contract Processes Execution of Sponsorship Activities Tracking Requests / Complaints Ensuring the Security of Movable Property and Resources Execution of Marketing Processes for Products/Services Execution of Talent / Career Development Activities Providing Information to Authorized Individuals, Institutions, and Organizations Execution of Management Activities
Religion and Other Beliefs	Execution of Employee Satisfaction and Engagement Processes Compliance with Employment Contracts and Legal Obligations for Employees Execution of Audit and Ethical Activities Execution of Assignment Processes Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Planning Human Resources Processes Execution and Audit of Business Activities Execution of Procurement Processes for Goods / Services Execution of Sales Processes for Goods / Services Execution of Product / Service Production and Operation Processes Execution of Storage and Archive Activities Execution of Contract Processes Execution of Investment Processes Providing Information to Authorized Individuals, Institutions, and Organizations Execution of Management Activities Creation and Tracking of Visitor Records
Association Membership	Execution of Employee Candidate / Intern / Student Selection and Placement Processes Execution of Employee Candidate Application Processes Execution of Audit and Ethical Activities Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Planning Human Resources Processes Execution of Storage and Archive Activities Providing Information to Authorized Individuals, Institutions, and Organizations
Foundation Membership	Execution of Employee Candidate / Intern / Student Selection and Placement Processes Execution of Employee Candidate Application Processes Execution of Audit and Ethical Activities Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Planning Human Resources Processes Execution of Storage and Archive Activities Providing Information to Authorized Individuals, Institutions, and Organizations
Union Membership	Execution of Employee Candidate / Intern / Student Selection and Placement Processes Execution of Employee Candidate Application Processes Execution of Audit and Ethical Activities Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Planning Human Resources Processes Execution of Storage and Archive Activities Providing Information to Authorized Individuals, Institutions, and Organizations
Health Data	Execution of Emergency Management Processes Execution of Employee Candidate / Intern / Student Selection and Placement Processes Execution of Employee Candidate Application Processes Execution of Employee Satisfaction and Loyalty Processes Compliance with Employee Contracts and Legal Obligations Execution of Employee Benefits and Welfare Processes Execution of Audit and Ethical Activities Execution of Activities in Compliance with Regulations Providing Physical Premises Security Execution of Assignment Processes Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Planning Human Resources Processes Execution of Business Activities and Audits Execution of Occupational Health and Safety Activities Execution of Business Continuity Activities Execution of Procurement Processes for Goods / Services Execution of Sales Processes for Goods / Services Execution of Goods / Services Production and Operation Processes Execution of Storage and Archive Activities Execution of Contract Processes Execution of Sponsorship Activities Ensuring the Security of Movable Assets and Resources Execution of Supply Chain Management Processes Execution of Compensation Policy Execution of Investment Processes Providing Information to Authorized Individuals, Institutions, and Organizations Execution of Management Activities Creation and Monitoring of Visitor Records
Criminal Convictions and Security Measures	Ensuring Compliance with Employment Contracts and Legal Obligations for Employees Execution of Audit and Ethical Activities Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Storage and Archive Activities Providing Information to Authorized Individuals, Institutions, and Organizations
Other - Vehicle Data	Compliance with Employment Contracts and Legal Obligations for Employees Execution of Employee Rights and Benefits Processes Execution of Audit and Ethical Activities Execution of Loyalty to Company / Product / Service Processes Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Planning Human Resources Processes Execution and Audit of Business Activities Receiving and Evaluating Suggestions for Business Process Improvement Execution of Logistics Activities Execution of Purchase Processes for Goods / Services Execution of Post-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Production and Operation Processes for Goods / Services Execution of Customer Relationship Management Processes Execution of Activities for Customer Satisfaction Conducting Marketing Analysis Studies Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Contract Processes Tracking and Handling Requests / Complaints Execution of Marketing Processes for Products / Services Providing Information to Authorized Individuals, Institutions, and Organizations
Other - Request / Complaint Data	Execution of Employee Satisfaction and Loyalty Processes Execution of Audit and Ethical Activities Execution of Activities in Compliance with Regulations Execution of Loyalty to Company / Product / Service Processes Monitoring and Execution of Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Audit of Business Activities Receiving and Evaluating Suggestions for Business Process Improvement Execution of Business Continuity Activities Execution of Purchase Processes for Goods / Services Execution of Post-Sales Support Services for Goods / Services Execution of Customer Relationship Management Processes Execution of Activities for Customer Satisfaction Execution of Advertising / Campaign / Promotion Processes Execution of Storage and Archive Activities Execution of Strategic Planning Activities Tracking and Handling Requests / Complaints Providing Information to Authorized Individuals, Institutions, and Organizations