Information Text Regarding the Processing of Personal Data

BETA PHARMACEUTICAL WAREHOUSE TRADE INDUSTRY LIMITED COMPANY

CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA

This Clarification Text has been prepared by BETA ECZA DEPOSU TİCARET SANAYİ LİMİTED ŞİRKETİ for the purpose of informing the Company’s customers, suppliers, customers, distributors and dealers regarding the processing of their personal data by the Company within the scope of the Personal Data Protection Law No. 6698.

Detailed information on the processing of your personal data within the scope of this Clarification Text can be found in the BETA Ecza Deposu Ticaret Sanayi Limited Şirketi Personal Data Protection and Processing Policy at [https:// betapethealth.com.tr].

1-DEFINITIONS

1. a) Recipient group: The category of natural or legal person to whom personal data is transferred by the data controller,
2. b) Data subject: The natural person whose personal data is processed,
3. c) Law: Personal Data Protection Law dated 24/3/2016 and numbered 6698,

ç) Board: Personal Data Protection Board,

1. d) Institution Personal Data Protection Authority,
2. e) Registry: The Data Controllers Registry kept by the Presidency,
3. f) Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
4. g) Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

2-PURPOSES OF PROCESSING PERSONAL DATA

Personal data is processed by our Company within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law. Within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law, planning and execution of the activities necessary for the recommendation and promotion of the products and services offered to the relevant persons by customizing them according to the tastes, usage habits and needs of the relevant persons, carrying out the necessary work by the business units to benefit the relevant persons from the products and services offered and carrying out the relevant business processes, The processing is carried out for the purposes of carrying out the necessary work by the relevant business units for the realization of the commercial activities carried out and the execution of related business processes, planning and execution of commercial and/or business strategies and ensuring the legal, technical and commercial-business security of the Company and the relevant persons who have a business relationship with the Company.

In addition, personal data are processed for the purposes of planning and execution of occupational health and safety processes, planning, auditing and execution of information security processes, providing information to authorized institutions and organizations arising from legislation, carrying out personnel recruitment processes, being directly related and necessary for the establishment or performance of a contract, fulfilling the obligations arising from the employment contract and legislation for company employees, carrying out personnel recruitment processes, and managing legal operations.

3- TO WHOM AND FOR WHAT PURPOSE PERSONAL DATA MAY BE TRANSFERRED

Personal data is processed by our Company within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law. Within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, planning and execution of the activities necessary for the recommendation and promotion of the products and services offered to the relevant persons by customizing them according to the tastes, usage habits and needs of the relevant persons, carrying out the necessary work by the business units to benefit the relevant persons from the products and services offered and carrying out the relevant business processes, For the purposes of carrying out the necessary work by the relevant business units for the realization of the commercial activities carried out and the execution of the related business processes, planning and execution of commercial and/or business strategies and ensuring the legal, technical and commercial-business security of the Company and the relevant persons who have a business relationship with the Company,

It is transferred for the purposes of planning and execution of occupational health and safety processes, planning, auditing and execution of information security processes, providing information to authorized institutions and organizations arising from legislation, conducting personnel recruitment processes, being directly related and necessary for the establishment or performance of a contract, fulfilling the obligations arising from the employment contract and legislation for company employees, conducting personnel recruitment processes, managing legal operations.

Personal data

1- Official institutions and organizations providing public services

2- Companies providing Cloud Computing Service, Data Center Service, E-mail Service, Cyber Security Service, Software Development Service,

3- Persons and organizations from whom we receive services to carry out the Company’s activities and for legal requirements,

4- Natural persons and private legal entities,

5- Organizations auditing company activities, independent audit firms, financial advisors and consultancy firms, law offices

6- To shareholders/partners

7- Transferred to business partners abroad.

4- METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

Personal data are collected electronically or physically by our Company during the purchasing and invoicing process, financial and accounting processes, quality control, complaint management and risk analysis processes of services, various contracts, business cards, filling out a form, website, data integration or through the application of the person concerned through camera shooting. Personal data by our Company;

Based on the legal reasons that it is clearly stipulated in the legislation to which our company is subject and that it is mandatory for our company to fulfill its legal obligation, and that it is necessary for the establishment or performance of the contract,

It is collected for legal reasons that data processing is mandatory for the establishment, exercise or protection of a right. Your collected personal data may be processed and shared within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law.

5-DATA SUBJECTS’ RIGHTS AND EXERCISE OF THESE RIGHTS

As personal data owners, you have the following rights regarding your personal data. If you submit your requests regarding your personal data to our Company by the methods specified below, your requests will be evaluated and finalized by our Company as soon as possible and in any case within 30 (thirty) days.

Pursuant to Article 11 of the Law, you have the following rights as a personal data owner:

• To learn whether your personal data is being processed or not,
• Request information if your personal data has been processed,
• To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
• To know the third parties to whom your personal data is transferred domestically or abroad,
• To request correction of your personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• Although it has been processed in accordance with the provisions of the Law and other relevant laws, to request the deletion or destruction of your personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• To object to the emergence of a result to the detriment of the person himself/herself by analyzing your processed data exclusively through automated systems,
• In the event that your personal data is damaged due to unlawful processing of your personal data, to demand the compensation of the damage.

According to paragraph 1 of Article 28 of the Law, since the data will be outside the scope of the Law in the following cases, the requests of the data subjects will not be processed in terms of these data:

• Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that the personal data is not disclosed to third parties and the obligations regarding data security are complied with.
• Processing of personal data for purposes such as research, planning and statistics by anonymizing personal data with official statistics.
• Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.
• Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution procedures.

Paragraph 2 of Article 28 of the Law lists the cases where data subjects do not have the right to request and within this scope;

• Processing of personal data is necessary for the prevention of crime or criminal investigation,
• Processing of personal data made public by the data subject himself/herself,
• Personal data processing is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law,
• Processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and fiscal matters,

In such cases, the rights specified above cannot be exercised with respect to the data.

Exercise of Rights by Data Subjects

Data subjects will be able to use the “Form for Applications to be made by the Personal Data Subject to the Data Controller” available at the link [https:// betapethealth.com.tr] to exercise the aforementioned rights. Applications shall be made by one of the following methods together with the documents that will identify the identity of the relevant data subject:

• Filling out the form and sending the wet signed copy to [Bayındır Mahallesi Gazi Bulvarı No:18 Muratpaşa/Antalya] by hand, through a notary public or by registered letter with return receipt,
• Following a method stipulated by the Personal Data Protection Board.

Our Company responds to data subjects who wish to exercise such rights within the limits stipulated in the Law within a maximum period of thirty (30) days as stipulated in the Law. In order for third parties to make an application request on behalf of personal data owners, there must be a special power of attorney issued by the data owner through a notary public on behalf of the person who will make the application.

Although data subject applications are processed free of charge as a rule, fees may be charged based on the fee tariff stipulated by the Personal Data Protection Board. Our Company may request information from the relevant person in order to determine whether the applicant is a personal data owner or not, and may ask questions to the personal data owner about his/her application in order to clarify the issues specified in the application