1. PURPOSE AND SCOPE

• These Privacy and Protection of Personal Data Principles (the "Principles") govern the rules that TETHYS AKTAU II LLP., its business partners and group companies (hereinafter referred to as the "Company" or "Data Controller") apply with regard to the protection and processing of the personal data, guests, customers, prospective customers, suppliers, third persons, online visitors ("Groups of Persons") and aim to inform these Groups of Persons.

2. PRINCIPLES OF PROCESSING PERSONAL DATA

• We, as the Company, process your personal data under the following principles as Data Controller.

2.1 Processing in accordance with the Law and Principles of Good Faith

• We comply with the principles set forth by legal regulations and the general rules of good faith when processing your personal data.

2.2 Ensuring Accuracy and Currency of Personal Data

• Taking into account your legitimate interests, periodic controls and updates are made to ensure that the data processed is accurate and current, and appropriate measures are taken as necessary. In this context, systems for controlling the accuracy of personal data and making the necessary corrections are being established within the Company.

2.3 Data Processing only for Specific, Explicit and Legitimate Purposes

• Your personal data are only processed for explicit, specific and legitimate purposes.

2.4 Relevance and Proportionality

• Your personal data are processed exclusively for the intended purpose and only to the extent necessary for achieving the intended purpose(s). There is no processing of any irrelevant personal data.

2.5 Legal and Specific Retention Time

• Your personal data will only be retained for the time required by the relevant legislation or for the purpose for which it is processed. In this context, first, the relevant legislation is checked to determine whether or not the personal data have to be retained for a certain period of time. If such a period exists, it has to be complied with. In the absence of a legal retention period, the personal data have to be retained for the period as required by the specific processing purpose. At the end of this period or in the event that the reasons that require the processing of personal data no longer exist, your personal data are deleted, destroyed or anonymized in accordance with the company’s Personal Data Retention and Disposal Policy, unless there is another legal basis for the processing of such data for a longer period of time.

3. CONDITIONS FOR PROCESSING PERSONAL DATA

• Your Personal Data are processed by the Company under the following terms.

3.1 Explicitly Set Forth by Law

• Your personal data may be processed when laws explicitly stipulate personal data processing.

3.2 Failure to Obtain Express Consent due to Actual Impossibility

• Your personal data may be processed in the event that it is compulsory to process the personal data of the relevant person or another person who is unable to disclose his/her consent due to the actual impossibility or whose consent cannot be validated, to protect the life or physical integrity of the relevant person or of another person.

3.3 Being Directly Related with the Establishment or Performance of the Contract

• Your personal data may be processed if it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract.

3.4 Fulfilling the Company's Legal Obligation

• Your personal data may be processed if the processing is mandatory to meet the legal obligations as data controller.

3.5 Public Availability of Personal Data

• Your personal data may be processed when you yourself made it publicly available.

3.6 Mandatory Requirement of Data Processing for the Establishment, Usage or Protection of a Right

• Your personal data may be processed in case it is mandatory for the establishment, usage or protection of a right.

3.7 Processing Data based on Legitimate Interest

• Your personal data may be processed if data processing is necessary for the legitimate interests of the Company.

3.8 Data Processing based on Express Consent

• In all cases in which your personal data cannot be processed based on any of the terms set forth in these Principles, they are processed based on express consent.

4. PURPOSES OF PERSONAL DATA PROCESSING

• In accordance with the personal data processing requirements specified in Articles 8 - 2 and 9 of the Law On Personal Data and its Protection dated 21 May 2013 No. 94-V (the "Law"), personal data may be processed for the relevant Group of Persons for the following purposes.

4.1 CUSTOMER

• In accordance with the personal data processing requirements specified in the Law, personal data of customers may be processed for the purposes of carrying out the necessary business and operational processes in order for the relevant person to benefit from the products and services offered by the company, and for the performance of the contract, follow-up of finance and accounting affairs, planning and execution of the customer relationship management and customer satisfaction activities, monitoring of contract processes, follow-up of customer claims and complaints, planning and execution of transfer processes, planning of information security processes, establishing and managing its infrastructure, inspection and execution of the information security processes.

4.2 PROSPECTIVE CUSTOMER

• In accordance with the personal data processing requirements specified in the Law, personal data of prospective customers may be processed for the purposes of customizing the products and services offered by the Company according to the tastes, usage habits and needs of the relevant persons, planning and execution of the activities required for the products and services to be offered and promoted to the relevant persons, conducting the necessary works for the realization of the commercial activities carried out by the Company and conducting the related business processes, conducting the necessary works and managing the related business processes in order for the relevant person to benefit from the products and services offered by the Company, planning and execution of the activities required for the customization, offering and promoting the products and services offered by the Company, planning and execution of customer relationship management processes.

4.3 GUEST

• In accordance with the personal data processing requirements specified in the Law, personal data of guests may be processed for the purposes of ensuring the security of premises and facilities, creating and monitoring of visitor records, ensuring the security of fixtures and/or resources, ensuring technical and commercial occupational safety, ensuring the operational security of the organization, forwarding information to authorized institutions and organizations as required by law.

4.4 THIRD PERSON

• In accordance with the personal data processing requirements specified in the Law, personal data of third persons may be processed for the purposes of carrying out the necessary business and operational processes in order for the relevant person to benefit from the products and services offered by the company, conducting the necessary works for the realization of the commercial activities carried out by the Company and conducting the related business processes, conducting the necessary works and managing the related business processes in order for the relevant person to benefit from the products and services offered by the Company, customizing, offering and promoting the products and services offered by the Company, and the performance of the contract.

4.5 SUPPLIER / BUSINESS PARTNER / TENANT

• In accordance with the personal data processing requirements specified in the Law, personal data of suppliers, business partners and tenants may be processed for the purposes of carrying out the necessary business and operational processes in order for the relevant person to benefit from the products and services offered by the company, conducting the necessary works for the realization of the commercial activities carried out by the Company and conducting the related business processes, conducting the necessary works and managing the related business processes in order for the relevant person to benefit from the products and services offered by the Company.

4.6 ONLINE VISITOR

• In accordance with the personal data processing requirements specified in the Law, personal data of online visitors may be processed for the purposes of conducting marketing studies and analysis, conducting advertising campaigns, promotional activities and communication initiatives, developing products and services and meeting legal obligations.

5. TRANSFER OF PERSONAL DATA

• In accordance with the principles and purposes of the Principles herein and the personal data processing requirements and purposes set forth in Articles 15 and 16 of the Law, your personal data may be transferred in a limited fashion to our affiliates, domestic and foreign business partners, customers, suppliers, legally authorized public institutions and legally authorized private persons.

6. SECURITY OF PERSONAL DATA

6.1

• In order to ensure the security of personal data and to prevent unlawful processing of personal data, the Company takes reasonable measures to prevent the risks of unauthorized access to, accidental loss of, intentional deletion of or damage to the data.

6.2

• All required technical and physical measures are taken so that only authorized persons have access to personal data. In this context, the authorization system is specifically set up in such a way that no one will be able to access more personal data than strictly necessary.

7. COMMITMENT RELATING TO THIRD-PARTY PERSONAL DATA

• The Group of Relevant Persons accepts and consents that the personal data relating to third persons transmitted by the Group of Relevant Persons may be processed by the Company. The Group of Relevant Persons also undertakes that it has provided the necessary information to, and obtained the necessary permissions from the persons whose data have been transmitted with regard to their data in accordance with Law on the protection of personal data. Otherwise, the damages to be incurred shall remain with the Group of Relevant Persons.

8. APPLICATION PROCEDURES AND PRINCIPLES

• As a relevant person, you have the following rights;
• To learn whether or not your personal data have been processed;
• To request information as to the processing, if your data have been processed;
• To learn the purpose for which your personal data have been processed and whether the data are being used in accordance with their purpose;
• To find out who the third parties at home and abroad are to whom your personal data have been transferred;
• To request the correction of your personal data if it is incomplete or incorrectly processed,
• To object to any result that is to the relevant person’s detriment due to the analysis of processed personal data exclusively by automated systems;
• To demand compensation if the relevant person incurs damages due to the unlawful processing of personal data.

9. CONTACT US

• Feel free to send us any questions or concerns regarding these Principles by sending us an email at: info@tetysblu.com

10. CHANGES TO THIS PRIVACY POLICY

• If we decide to change these Principles, we will post the changes on this page and update the date of the change indicated above. In the event of a substantial change, we will inform you by any means deemed appropriate.