Protection of personal data Plume Gümüş LTD. STI. is an important issue for Plume Silver LTD. STI. It adopts the principles stipulated by the KVK Law in order to comply with the Law on the Protection of Personal Data No. 6698 (“KVK Law”), and fulfills its obligations regarding the processing, deletion, destruction, anonymization, transfer, enlightenment of the data subject and ensuring data security. brings. The Privacy and Personal Data Protection Policy regulated in this context is made available to natural persons whose personal data are processed (“Relevant Person”).

Scope and Purpose of Privacy and Personal Data Protection Policy This Privacy and Personal Data Protection Policy, Plume Gümüş LTD. ŞTİ.’s; The methods and legal reasons for collecting personal data, Which groups of people’s personal data are processed (Data Owner Categorization), Which category of personal data is processed in relation to these groups of people (Data Categories) and sample data types, In which business processes and for what purposes this personal data is used, Technical and administrative measures taken to ensure the security of personal data, To whom and for what purpose personal data can be transferred, Personal data retention periods, what rights the Relevant Persons have over their personal data and how they can use these rights, or how they can change their negative preferences, Share personal data with official authorities.

Personal Data Collection Methods and Legal Reasons Plume Gümüş LTD. STI. In accordance with the personal data processing conditions specified in the KVK Law, the personal data can be collected in audio, electronic or written form through the Websites, mobile applications of the Websites, social media accounts, cookies, call center, notifications from administrative and judicial authorities and other communication channels. It is collected in line with the legal reasons specified in the Personal Data Protection Policy.

Data Subject Person Group Categorization Plume Gümüş LTD. STI. categorizes the data subject groups, whose personal data are processed in personal data processing processes and activities related to these processes, as follows. In addition, in accordance with the personal data processing conditions specified in the 5th and 6th articles of the KVK Law, and in line with the legal reasons specified in this Privacy/Personal Data Protection Policy, the personal data of other individual groups (consultant, educator, blogger) can be processed.

1.Customer/Member, Potential Customer/Member 2. Online Visitor 3. On Behalf Of The Purchased Product To Be

2.Data Categories and Example Data Types

3.Customer/Member, Potential Customer/Member Identity Information: Name, surname, date of birth, gender, T.R. ID number Location Information: City of residence, county (delivery address of the purchase made through plumatelier.com) Contact Information: mobile phone, e-mail address, address, postal code, landline phone Financial Information: Tax office, billing information Customer / Member Information: Membership information, membership ID number Customer/Member Transaction Information: Purchased product/s, shopping amount, shopping date, commercial communication permission, used campaigns, coupons used, order information Risk Management Information: IP address Transaction Security Information: Password, password Information Marketing Information: Cookie records, targeting information, evaluations showing habits and tastes Legal Action and Compliance Information: The start and end time of the service provided, the type of service used, the amount of data transferred, the commercial electronic message permission given by the Relevant Person in the electronic environment, the consent given membership agreement, corporate membership agreement, distance sales agreement and offered by plumeatelier.com Other legal texts and contracts that enable the use of services Marketing Information: SMS, e-mail messages for marketing purposes sent based on the commercial electronic message permission given by the person concerned. Records of the complaints and/or requests transmitted through the application, social media accounts, and the actions taken during the evaluation or management of these requests

2. Online Visitor Transaction Security Information: Password, mobile phone, password information Legal Transaction Information/Risk Management Information: IP address Legal Transaction and Compliance Information: Start and end time of the service provided, type of service used, amount of data transferred.

3. Identity Information of the Person to whom the Purchased Product will be Delivered: Name, surname, date of birth, gender, T.R. ID number Location Information: City of residence, county (delivery address for purchases made through plumatelier.com) Contact Information: mobile phone, e-mail address, address, postal code, landline phone Financial Information: Tax office, billing information

In Which Business Processes and For What Purposes Personal Data is Used Personal data, Plume Gümüş LTD. STI. e-commerce platforms operated by (plumeatelier.com); Processing of online visitor data in accordance with the relevant legislation, Being able to shop from these platforms as “guests”, Carrying out membership transactions, improving the services offered on the Platforms, developing new services and providing information about it, Executing the Membership Agreement established with the Customer, customers with commercial electronic message approval. in terms of; Analyzing the preferences, tastes and needs of the Customer/Member and providing special promotions, opportunities and benefits to the Customer/Member, Within the scope of the contractual relationship, for customers with commercial electronic message approval; Direct marketing, digital marketing, remarketing, targeting, profiling and analysis, promotion and marketing of applications, goods/products and services in line with the preference and liking of the Customer/Member, Resolving Customer/Member problems and complaints, Customer based on commercial electronic message permission Communicating with the Member, improving the Customer/Member experience on both the platform and the mobile application, Creating customer/member satisfaction, loyalty and loyalty, Statistical evaluations and market research, Corporate reputation management, media communication, Plume Gümüş LTD. ŞTİ.’s commercial and business strategies, Follow-up of accounting and purchasing transactions, Legal processes and compliance with legislation, Answering information requests from administrative and judicial authorities, Planning in-company reporting and business development activities, Ensuring information and transaction security and bad prevention of purposeful use, Plume Gümüş LTD. ŞTİ.’s activities, Plume Gümüş LTD. STI. Planning and execution of the necessary operational activities to ensure that the procedures and policies prepared within the scope of the KVK Law are carried out, is used to make the necessary arrangements in order to ensure that the processed data is up-to-date and correct and to carry out the activities related to all these processes.

Technical and Administrative Measures Taken to Ensure the Security of Personal Data Plume Gümüş LTD. ŞTİ. undertakes to take all necessary technical and administrative measures and to show due diligence to ensure the confidentiality, integrity and security of your personal data. Plume Silver LTD. ŞTİ. takes the necessary measures to prevent unauthorized access, misuse, unlawful processing, disclosure, alteration or destruction of personal data. Plume Silver LTD. STI. uses generally accepted security technology standards such as firewalls and Secure Sockets Layer (SSL) encryption when processing personal data. In addition, when sending your personal data to NeuLib via the website, mobile application and mobile site, this data is transferred using SSL. Plume Silver LTD. STI. Regarding the prevention of unlawful access to the personal data it processes, the prevention of illegal processing of this data and the protection of personal data: All areas on the website or mobile application from which personal data are taken are protected by SSL, In order to prevent unlawful processing of personal data collected from the website or mobile application, Creates and implements access authorization and control matrices for its employees, In order to ensure that personal data is not accessed unlawfully; periodically performs penetration tests, tests the system’s resistance to unauthorized access, For all secondary data processing other than the primary processing purpose, it uses the Pseudonymization (aliased data) method. Pseudonymous uses encryption methods in the systems where this data is located in order to make it impossible to identify the person concerned, and applies a stricter access authorization and control policy to this data. Personal data processed through cookies belonging to third parties from which service is received, are deleted from the systems of third parties if the membership is terminated. Plume Silver LTD. ŞTİ. has taken the necessary information security measures, Plume Gümüş LTD. STI. Platforms operated by or Plume Silver LTD. STI. In the event that personal data is damaged or in the hands of unauthorized third parties as a result of attacks on the system, Plume Gümüş LTD. STI. immediately notifies you and the Personal Data Protection Board of this situation and takes the necessary measures.

1. To Whom Personal Data Can Be Transferred And For What Purpose Plume Gümüş LTD. STI. transfers personal data to third parties only for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with Articles 8 and 9 of the KVK Law. In this context, the Customer/Member data processed and the person to whom the purchased product will be delivered are shared with the seller and the cargo company, and this data can also be accessed by the call center when necessary. The information of the person on whose behalf an invoice will be issued is shared with the cargo company for the purpose of sending the invoice to the relevant person. Customer data also; In line with the commercial electronic message approval of the customer, it is shared with the commercial electronic message tool service provider in order to provide promotion, advertisement, benefit and opportunity in line with the shopping preferences, tastes and habits of the customer. Website or mobile application usage preferences and browsing history are shared with third parties from whom cookies are serviced for the purpose of segmentation and communication with the Customer/Member in line with their tastes and preferences. Personal data transfers within this scope are carried out through the secure environment and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties; In all cases where there is no need to transfer the personal data of the Customer/Member, the transfer is made using Pseudonymous data (pseudonymous data).

1. Personal Data Retention Periods Plume Gümüş LTD. STI. maintains the personal data it processes in accordance with the KVK Law for the periods stipulated in the relevant legislation or required by the purpose of processing. In our Personal Data Retention and Destruction Policy, these periods are approximately as follows: Membership and order records 10 years Law No. 6098 All records related to accounting and financial transactions 10 years Law No. 6102, Law No. 213 Cookies Maximum 540 days Commercial electronic message confirmation records Confirm 1 year from the date of withdrawal Law No. 6563 and related secondary legislation Traffic information regarding online visitors 2 years Law No. 5651 Information received due to job application and/or CVs 1 year Personal data regarding customers 10 years after the legal relationship ends; 6563 3 years in accordance with the Law and related secondary legislation Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502 Personal data regarding suppliers 10 years after the end of the legal relationship Law No. 6102, Law No. 6098 and Law No. 213 You can review our Cookie Policy regarding the storage periods of personal data obtained through Cookies for 2 weeks for the purpose of usability test research.

1. Profiling and Segmentation Plume Gümüş LTD. STI. Using the personal data processed by the Customer/Member; It carries out profiling and segmentation in order to prepare content more suitable for the likes and preferences of the Customer/Member, and to make advertisements, promotions and discounts regarding the Customer/Member who has given consent for receiving commercial electronic messages. By profiling and segmentation for the Customer/Member who has not given commercial electronic message approval; Studies such as product improvement (determining the most sold or unsold product categories), modeling by analyzing shopping preferences, organizing campaigns for customer groups with the potential to buy a certain product and uploading it to the system, and taking actions to increase sales potential are carried out. Within the scope of profiling and segmentation studies, the personal data of the Customer/Member, especially name and surname, mobile phone, e-mail or address information, are not used directly, instead, transactions are made with the Customer/Member IDs assigned to them. The personal data of the Customer/Member is protected by the use of the Customer ID or in other words pseudonymous data. Customer/Member IDs Plume Gümüş LTD. STI. It is accessible only to relevant persons or departments. These IDs assigned to the Customer/Member are registered by Plume Gümüş LTD. STI. It is kept encrypted within the system and access to this section is again only given to limited people.

1. What their Rights on Personal Data Are and How They Can Use These Rights Plume Gümüş LTD. STI. The rights of the Relevant Person over the personal data processed by KVK Law, pursuant to article 11 of the KVK Law, are listed below: Learning whether personal data is processed, Requesting information about personal data if it has been processed, Learning the purpose of processing personal data and whether they are used in accordance with its purpose, Domestic or To know the third parties to whom personal data is transferred abroad, to request correction of personal data in case of incomplete or incorrect processing, to request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law, Requesting the notification of the third parties to whom the data is transferred, Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automatic systems, Requesting the compensation of the damage in case of damage due to the unlawful processing of personal data. don’t ep. In order to exercise your rights over your personal data; Plume Silver LTD. STI. You can access your account from the “My Account” section of the website, mobile application and mobile site and make the necessary changes, updates and / or deletions. Also, Plume Silver LTD. STI. You can apply and exercise your rights using the methods specified in the “Application Form” issued in accordance with Article 13 of the KVK Law on the website or mobile application of the electronic commerce platforms operated by the Company.

1. How Relevant Persons Can Change Their Positive or Negative Preferences for Receiving Electronic Commercial Messages Plume Gümüş LTD. STI. You can change or update your positive or negative preferences for receiving commercial electronic messages, which you have given when you become a member of the website or mobile application of the electronic commerce platforms operated by us, by accessing the “My Account” section at any time. Termination of membership does not mean withdrawing your consent to receive commercial electronic messages. For this reason, be sure to complete all the procedures to revoke your consent. In terms of cookie management, you can follow the steps specified in our Cookie Policy

3. Changes to the Privacy/Personal Data Protection Policy Plume Gümüş LTD. ŞTİ. can always make changes in this Privacy/Personal Data Protection Policy. These changes will become effective immediately upon the publication of the amended new Privacy/Personal Data Protection Policy. You, our members, will be informed about the changes in this Privacy/Personal Data Protection Policy.