Data Controller: Data controller (Controller) information:

Name: Suitech Software Informatics and Technology Services Limited Company

Address: Kisla District, Sehit Binbasi Cengiz Oytunc Street. Antelsan Business Center Business No:118 No:401 , Antelsan Business Center, Antalya, Mediterranean 07000, TR

E-mail: [email protected]

---

2. Scope:

This text, including our customers and employees Suitech Software Bilişim Ve Teknoloji Hizmetleri Limited Şirketi (hereinafter referred to as TheX Protocol(The TheX Protocol)) and the personal data of the persons associated with the personal data within our structure, including our customers and employees of the Constitution and international conventions to which Turkey is a party (ECHR, etc.) and the European General Data Protection Regulation (GDPR), Personal Data Protection Law No. 6698 (KVKK) is the text of enlightening users about personal data within the framework of the relevant legislation, especially.

The Site and Tools may evolve over time and this text will change to reflect that evolution. If changes are made, you will be notified by revising the date in the relevant section of this text. In some cases, if significant changes are made, an explanation may appear on the home page. We encourage you to periodically review this Privacy Policy to stay informed.

This disclosure text covers all of the following services of TheX Protocol and the organisations with which TheX Protocol cooperates and 3rd party services, including cookies. For this reason, users should also review the texts of the institutions and organisations with which TheX Protocol is associated. This text is subject to the TheX Protocol Privacy Terms, GDPR Explicit Consent Text and Cookie Text.

Definitions and Abbreviations: In this section, special terms and phrases, concepts, abbreviations, etc. used in the Policy are briefly explained.

Explicit consent: Consent given on a specific subject, based on information and free will, in a clear manner that leaves no room for hesitation, limited only to that transaction.

Anonymisation: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

Employee: TheX Protocol Users

Personal Data Owner (data subject): The natural person whose personal data is processed.

Personal Data: Any information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religious sect or other beliefs, appearance, membership to associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, storing, changing, reorganising, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorisation granted by the data controller.

Data Controller (Controller): The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Personal Data Protection Board: Personal Data Protection Board.

KVKK Authority: Personal Data Protection Authority.

KVKK: Law on the Protection of Personal Data published in the Official Gazette dated 7 April 2016 and numbered 29677.

GDPR: European Data Protection Directive

3. Processing of Personal Data

Suitech Software Bilişim Ve Teknoloji Hizmetleri Limited Şirketi (hereinafter referred to as TheX Protocol), including our customers and employees, and the personal data of the persons associated with us within the framework of the Constitution and international conventions to which Turkey is a party (ECHR, etc.) and the European General Data Protection Regulation (GDPR), within the framework of the relevant legislation, especially the Personal Data Protection Law No. 6698 (KVKK); we attach importance to the protection of your personal data and we inform you about this issue and obtain your explicit consent.

The Site and Tools may evolve over time and this express consent text will change to reflect that evolution. If changes are made, you will be notified by revising the date in the relevant section of this text. In some cases, if significant changes are made, an explanation may appear on the home page. We recommend that you review this text periodically to stay informed.

This text covers all of the following services of TheX Protocol and the organisations with which TheX Protocol cooperates, as well as 3rd party services, including cookies. Users should therefore also review the texts of the organisations and institutions with which TheX Protocol is associated.

TheX Protocol and its affiliated platforms are listed below. The clarification text covers all these platforms, their services and legal texts.

X Protocol Platform (X Protocol): https://thexprotocol.com/

X Protocol Mobile Applications:

• Instagram:
• Twitter:
• LinkedIn:
• Facebook:
• Discord:
• WhatsApp:

This Clarification Text covers all of the following services of TheX Protocol and the organisations that TheX Protocol cooperates with and 3rd party services including cookies. For this reason, users should also review the texts of the institutions and organisations with which TheX Protocol is associated. This text is subject to the TheX Protocol Privacy Policy, Explicit Consent Text and Cookie Text.

4.Purposes of Processing Your Personal Data:

Your personal data;

Carrying out the necessary work for you to benefit from our services and activities, carrying out audit / ethical activities, carrying out activities in accordance with the legislation, carrying out financial and accounting affairs, carrying out / auditing business activities, receiving and evaluating suggestions for the improvement of business processes, carrying out activities to ensure business continuity, carrying out goods / service procurement processes, carrying out goods / service after-sales support services, Execution of goods / service sales processes, execution of goods / service production and operation processes, execution of contract processes, providing information to authorised persons, institutions and organisations, promotion in TheX Protocol activities, use for marketing purposes by fully protecting the personal rights of users, to provide better service together with third party applications and parties, to provide you with our marketing materials and to facilitate social sharing.

for the purposes for which they are intended.

5. ScopeYour personal data is kept on our TheX Protocol overseas server, and our server panel is kept abroad in the necessary panel service as required.

6. Transfer of Your Personal Data

Personal data cannot be transferred without the explicit consent of the data subject, except for the exceptions specified in Article 6 of the GDPR and Articles 5 and 8 of the KVKK.

TheX Protocol does not transfƒer your personal data to third parties in any way, except for legal, technical and operational obligations. TheX Protocol keeps your personal data in Amazon AWS and Cloudfare Servers in the UK London Server due to technical server requirements in accordance with GDPR and KVKK, and transfers it to Turkey since it carries out transactions in Turkey due to the execution of operations. In addition, your personal data may be transferred to platforms such as legal officer, accounting, wallet company, etc. with which it cooperates for the execution of operations and services.

TheX Protocol, in its policy of transferring personal data, carries out procedures in accordance with the Constitution of the Republic of Turkey, the European Convention on Human Rights, Articles 5 and 6 of the European General Data Protection Regulation (GDPR) and especially Articles 8 and 9 of the Law No. 6698 on the Protection of Personal Data.

Cookies

Cookie Type	Description
Cookie Session	Refers to temporary cookies that are kept on your devices until you leave the website. These cookies are there for a better site experience. Session cookies persist as long as the user keeps the session open. We delete these cookies when the user leaves the session. Cookies such as filtering options, additions to the basket without logging in are kept. We do not pass these cookies on to anyone.
Mandatory Cookies	These are cookies that must be used in order for the website to function properly and for users to benefit from the services and navigation features offered on the site. It is stored for a maximum of 2 years until you delete it. These cookies are needed to protect the system from fake systems. It is necessary for better management of the site. It includes information such as the session duration of visitors, how they switch from pages, and the buttons they touch. We do not transfer these cookies to anyone.
Functional and Analytical Cookies	These are cookies that contain data about remembering your preferences and using the website effectively. Due to their nature, cookies of this type may contain your personal data. For example; cookies that save your language preference on our website are functional cookies. It is stored for a maximum of 2 years until you delete it. We do not share these cookies with anyone.
Persistent Cookies	Cookies that persist on the person's computer until a certain date or until they are deleted by the visitor. These cookies are mostly used to measure the website movements and preferences of visitors. In accordance with the GDPR, we keep and delete these cookies for 12 months.

Method and Legal Reason for Collecting Your Personal DataIn this context, in accordance with Art. 6 GDPR and Art;

"To be clearly stipulated in the laws."

and

"Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process the personal data of the parties to the contract."

and

"It is mandatory for the data controller to fulfil its legal obligation."

and

"Data processing is mandatory for the establishment, exercise or protection of a right."

"Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject."

It can be processed for legal reasons.

Your Rights Regarding the Protection of Your Personal Data

In accordance with Art. 15 GDPR and Art. 11 KVKK regarding your personal data;

The data subject has the right to verify with the controller whether personal data concerning him/her are being processed and, in the event of processing, to request access to the personal data and the following information

• the purposes of processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the period foreseen for the retention of personal data or, where that is not possible, the criteria used for the purpose of determining that period;
• the existence of the right to request the controller to rectify or erase personal data concerning the data subject or to restrict the processing of such data, or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• if the personal data are not obtained from the data subject, available information on the sources of such data;
• the existence of automated decision-making referred to in Article 22(1) and (4), including profiling, and, at least in those cases, meaningful information on the reasoning carried out, as well as on the significance for the data subject of the processing concerned and objections to the envisaged consequences.
• Requesting information if your personal data has been processed,
• You have the right to demand compensation for damages in case you suffer damage due to unlawful processing of your personal data.

2. If personal data are transferred to a third country or an international organisation, the data subject has the right to be informed of the appropriate safeguards in accordance with Article 46 GDPR in connection with the transfer.

You can send us your request to exercise these rights in writing or, if a separate method is determined by the European Data Protection Board / Personal Data Protection Board, in accordance with this method.

"Kisla District, Sehit Binbasi Cengiz Oytunc Street. Antelsan Business Center Business No:118 No:401 , Antelsan Business Center, Antalya, Mediterranean 07000, TR" address or [email protected] e-mail address.

Legal Obligations: Legal obligations within the scope of protection and processing of personal data as a data controller in accordance with KVKK are listed below:

Our obligation to inform: When collecting personal data as a data controller;

• The purpose for which your personal data will be processed,
• Information about our identity and, if applicable, the identity of our representative,
• To whom and for what purpose your processed personal data can be transferred,
• Our method of collecting data and legal grounds,
• We have the obligation to inform the Relevant Person about the rights arising from the law.

As TheX Protocol, we take care that this policy, which is open to the public, is clear, understandable and easily accessible.

Our obligation to ensure data security: As a data controller, we take the administrative and technical measures stipulated in the legislation to ensure the security of personal data within our organisation. The obligations and measures taken regarding data security are detailed in this Policy. In this context, TheX Protocol,

It performs the necessary antivirus and other malware protection,

It cooperates with the company that provides server security in a way to provide optimum security,

3. acts with companies and individuals who will pay attention to security in their contacts and co-operations,

It endeavours to take legal and administrative measures in its relations with both employees and third parties.

Amazon Technologies and Cloudflare technologies are used in the entire infrastructure of TheX Protocol.

All websites belonging to TheX Protocol are encrypted via Amazon SSL and SSL policies have been implemented.

In the websites related to the sales of TheX Protocol, load distribution technologies are applied using AWS Distributed server architectures, accordingly, if the traffic is from a single point in case of DDOS Attack of the platforms, the source of the attack is directly blocked. If the DDOS attack on TheX Protocol comes from different regions in a distributed manner, the source of the attack is absorbed by distributing it to all traffic.

Advanced encryption techniques are used in User Login / Registration stages. All movements of users are controlled by structures we call JWT Tokens.

TheX Protocol applies profile identification techniques, which we call IAM, on its servers. According to these techniques, all ports belonging to the servers are controlled and traffic limits are set.

Evaluation of the Application: Requests regarding personal data shall be finalised free of charge as soon as possible and within 30 (thirty) days at the latest depending on the nature of the request. However, if the transaction requires an additional cost, a fee determined by the authorised board may be charged.

Additional information and documents may be requested during the application or during the evaluation of the application.

If the request is accepted, the relevant procedure is applied and notification is made in writing or electronically. If the request is rejected, the applicant is notified in writing or electronically by explaining the reason.

Right of complaint to the European Data Protection Board and the Personal Data Protection Board:

In cases where the application is rejected, the response to the application is found insufficient or the response is not given in due time; the applicant has the right to file a complaint to the PDP Board or the European Data Protection Board within 30 (thirty) days from the date of learning the response and in any case within 60 (sixty) days from the date of application.

Publication and Storage of the Document: This Policy is kept in two different media, printed paper and electronic media. The current version of the documents is available on the corporate portal and website.

Renewal: This Policy is reviewed at least once a year and updated if necessary.