Customer Application Management Policy Kişisel Verilerin Korunması ve Gizlilik Politikası Çalışan Adayı Aydınlatma Beyanı-en Customer Clarification Text Internet Insurance Privacy Policy and User Agreement Sompo Insurance Cookie Policy Hak Sahiplerince Aranmayan Paralar General Disclosure Statement on the Protection of Personal Data Tax Applications

Customer Clarification Text

SOMPO SİGORTA A. Ş. CLARIFICATION STATEMENT REGARDING THE PROCESSING OF CUSTOMER PERSONAL DATA*

In accordance with the Article 10 of 6698 Numbered Personal Data Protection Law (“KVKK”), as Sompo Sigorta A.Ş. (“Sompo Sigorta” or “Company”) registered at İstanbul Trade Registry with number 455439-0; located at Rüzgarlıbahçe Mah. Çam Pınarı Sok. No: 10 Beykoz / İstanbul, with central registration system number 0387019755300019, Large Taxpayers Tax Office and tax number 3870197553; we would like to inform you of the personal data processing activities we carry out.

1. Data Controller and Representative

Personal data belonging to you may be processed, saved, stored, classified, updated and disclosed/transferred to third parties as permitted by the legislation or limited to the purpose for which they were processed, in accordance with and limited to the purposes described below, by Sompo Sigorta as the data controller.

2. Purpose of Processing Your Personal Data

Your personal data, in accordance with the basic principles stipulated in the KVKK, will be processed for the purposes of;

1. Fulfilling the obligations and legal notificationsarising from the legislation , execution of legal follow-up processes,
2. Information collection, analysis, evaluation, proposal preparation, policy approval, rejection, arrangement, renewal, updating, inclusion of spouse, children and interests in the policy, insurance transactions, performing assistance services,
3. Conducting policy and proposal studies in various insurance branches, issuing, renewing, management of collection processes, payment of premiums and commissions, carrying out development studies, conducting reinsurance and coinsurance processes,
4. Obtaining, examining, evaluating, concluding damage reports, making payments, assigning loss adjusters, conducting loss adjuster processes, entering contracted minutes into the system, selling pert and damaged vehicles,
5. Execution of financial and accounting transactions
6. Making, evaluating and meeting recourse requests,
7. Risk analysis and management,
8. Management of site inspection and suspicious damage investigation processes,
9. Sharing some data regarding lawsuits and/or damage notifications with actuary firms,
10. Not for marketing purposes; Measuring service quality and customer satisfaction, evaluation of assistance services, complaint management, segmenting customers in line with relevant data, conducting surveys, providing ex-gratia services, conducting campaigns and promotion processes,
11. Recording incoming calls, using the records to increase service quality, creating and tracking visitor records,
12. Providing technical support from companies that provide foreign services,
13. Database creation, protection, backup and surveillance,
14. Correspondence activities,
15. To be able to send all kinds of commercial electronic messages as a result of the approval obtained in accordance with the Electronic Commerce Law,
16. Taking camera recordings,
17. Making reports within the scope of insurance activities,
18. Transferring it to public institutions and organizations such as the Ministry of Treasury and Finance, Insurance Information and Monitoring Center, The Financial Crimes Investigation Board and judicial authorities in order to fulfill the obligations arising from the legislation.

In case of your explicit consent;

1. Getting expert opinion on health data during policy making, past damage research,
2. Execution of marketing operations, including the creation of campaigns, cross-selling,
3. Sharing health data related to lawsuits and/or damage notifications with medical companies,
4. All kinds of surveys, including surveys measuring the quality of insurance services and customer satisfaction, market research,
5. Objectives regarding the cases where the situations listed above do not fall under the KVKK article 5/2, article 6/3 and article 28 and similar exceptions

It is processed with, and securely stored in physical or electronic media for an appropriate period of time for processing. Within the scope of these activities, our Company complies with the obligations stipulated in all relevant legislation, especially the KVKK, regarding the protection of personal data.

You can review the Sompo Sigorta Personal Data Protection and Privacy Policy on our website for detailed information about our company's data processing policy.

3. Transfer of Your Personal Data

Your personal data processed in accordance with the law by Sompo Sigorta can be disclosed/transferred to the parent company of the Company (including Regional Directorates, Branches), Agencies, Brokers, business partners, affiliates, public institutions, companies from which Health Expenditure Management services are provided, intermediaries, training companies, research companies, contracted actuaries, medical consultants, assistance companies, experts, other insurance companies and reinsurance companies, companies from which support services are provided, independent audit companies and other third parties due to our various legal obligations for the purposes specified in Article 2 or for insurance transactions, fulfillment of contractual and legislative obligations.

4. Data Transfer To Other Countries

Your personal data processed by Sompo Sigorta in accordance with the law can be transferred to persons or organizations residing in foreign countries which are determined to have adequate protection by personal data protection board ("Board"); or countries other than those determined and announced by the Board, in limited situations, provided that the data controllers in the country to which the personal data is transferred undertake adequate protection in writing, in line with your explicit consent or without your explicit consent in the presence of the situations stipulated in the provisions of Article 5/2 of the KVKK and Article 6/3 of the KVKK.

5. Collection Method of Your Personal Data and Legal Reason

Your personal data are collected by Sompo Sigorta to carry out our activities for above-mentioned legal reasons via form, e-mail, telephone, sms, website, mobile application, facebook member login, cargo, correspondence, field studies, autoanalysis, social media, 3rd parties, notification, web interface, camera recording, assistance firms, Agencies, Brokers, reports and other channels. In case of logging in and/or becoming a member via the Facebook account on our website, it is possible to access/process/transfer/use/save personal data in the Facebook account in line with the service provided by Sompo Sigorta A.Ş. It is possible to set which data will be accessible to Sompo from the privacy settings in the Facebook account. In this context, your personal data can be processed and transferred without obtaining explicit consent in the light of the principles stipulated in KVKK article 4/2, or in case of the existence of the conditions stipulated in KVKK article 5/2 and KVKK article 6/3 provisions.

6. Rights You Have Pursuant to Article 11 of KVKK

In order for Sompo Sigorta to evaluate and resolve immediately, effectively and comprehensively, the applications to be made by you within the scope of Article 11 of the KVKK, you can send the Data Owner Application Form on our website with a wet-ink signature and with a copy of the ID attached to the General Directorate address stated on our Contact page, by registered mail. Sompo Sigorta will conclude your request free of charge, depending of its nature, as soon as possible and in any case within thirty (30) days at the latest. However, if the procedures to be carried out for the examination and conclusion of your application require an additional cost, the fees in the tariff determined by the Board will be invoiced to you.

The rights you have pursuant to the above-mentioned article are as follows:

1. Learning whether your personal data is processed by Sompo Sigorta,
2. If your personal data has been processed, requesting information about it,
3. To learn the purpose of processing your personal data and whether they are used in accordance with the purpose,
4. Knowing the third parties to whom personal data is transferred at domestic or abroad,
5. Requesting correction of personal data in case of incomplete or incorrect processing,
6. Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
7. Requesting notification of the transactions made pursuant to clauses 11 (d) and (e) of KVKK to third parties to whom personal data has been transferred
8. Objecting to a result against you by analyzing your personal data exclusively through automated systems,
9. If you suffer any damage due to the processing of your personal data in violation of the relevant legislation, requesting the compensation of the damage.

7. Requesting to Update Your Information

Your personal data processed by Sompo Sigorta must be accurate and up-to-date. For this reasons, in case of any change in your personal data, you can notify this matter by registered mail with wet-ink signature and a photocopy of your identity card attached to the Data Owner Application Form and our General Directorate address, which is stated on our Contact page.

DATA OWNER NAME SURNAME

DATE

SIGNATURE