COMPANY POLICY

Personal Data Protection and Processing Policy
This Personal Data Protection and Processing Policy has been prepared by EMA Safety Shoes (“Company”) within the framework of Law No. 6698 on the Protection of Personal Data. It provides information about our company’s procedures and principles regarding the processing and transfer of personal data shared or generated by users, visitors, members, and other individuals (“User or Relevant Person”) during their use of the content on the Company’s official website, www.emaayakkabi.com (“Website”). Based on these procedures and principles, as a Company, we take all necessary administrative and technical measures in line with the policy we have implemented for the protection and processing of Personal Data.

1. Purpose of the Personal Data Protection and Processing Policy

The purpose of the Personal Data Protection and Processing Policy (“Policy”) is to regulate the principles and procedures determined by our company, which operates in the manufacturing and sales of shoes, regarding the processing, protection, and, when necessary, destruction of personal data within the scope of Law No. 6698 on the Protection of Personal Data. It should also be noted that the Policy aims to maximize the protection of individuals' fundamental rights and freedoms, particularly the right to privacy as regulated under Article 20 of the Constitution, and to inform Data Subjects about the procedures and principles to be applied by our Company in line with its obligations under Law No. 6698 on the Protection of Personal Data. The primary and most important goal of our Policy is to ensure the confidentiality of private life and the security of personal data belonging to Data Subjects.

2. Scope of the Personal Data Protection and Processing Policy

This Policy applies to specific groups of real persons within the Company, as well as newly identified real persons outside the Company, including but not limited to:

- Company Shareholders,

- Business Partners,

- Company Authorities,

- Company Employees,

- Company Interns,

- Former Employees,

- Job Applicants,

- Visitors,

- Company Customers,

- Potential Customers,

- Third Parties.

The Policy is designed to cover all real persons beyond those explicitly mentioned above. The Company publishes this Policy on its website, www.emaayakkabi.com, to provide information about Law No. 6698 on the Protection of Personal Data. As noted, this Policy does not apply to legal entities under any title or capacity. Additionally, a separate “Employee Personal Data Processing Policy” will apply to Company employees.

This Policy applies to the Personal Data of the aforementioned individuals, provided the Company processes such data fully or partially through automated means or through non-automated means as part of a data recording system under the scope of Law No. 6698 on the Protection of Personal Data. If the data does not fall under the definition of “Personal Data” provided below, or if the data processing activities are not conducted through the specified methods, this Policy will not apply.

3. Definitions under Law No. 6698 on the Protection of Personal Data

While implementing this Policy, the Company uses the following key definitions within the scope of the Law:

Explicit Consent: Consent given freely, based on information, and specific to a particular subject.

Anonymization: The process of rendering Personal Data unidentifiable to a specific or identifiable real person, even when matched with other data.

Company: Refers to EMA Safety Shoes

Company Authority: Members of the board of directors and other authorized individuals of EMA Safety Shoes

Company Shareholder: Real persons who are shareholders of EMA Safety Shoes

Company Business Partner, Their Shareholders, Representatives, Employees: Real persons involved in any business relationship with the Company, including those employed by or representing business partners and suppliers.

Job Applicant: Real persons who have applied for a job with the Company or have opened their CVs and related information for review by the Company.

Company Customer: Real persons who use or have used the Company’s products and services, regardless of whether they have a contractual relationship with the Company.

Potential Customer: Real persons who have shown interest in or are evaluated as potentially interested in the Company’s products and services according to commercial practices and good faith principles.

Third Party: Individuals not covered by EMA Safety Shoes Personal Data Protection Policy for Employees and who do not fall into any other Data Subject category defined in this Policy.

Visitor: Real persons who enter the physical premises of the Company for various purposes or visit its websites for any reason.

Law: Refers to Law No. 6698 on the Protection of Personal Data.

Secondary Legislation: Regulations, circulars, communiqués, principle decisions, or similar administrative decisions issued or adopted by the Personal Data Protection Authority under the Law.

Relevant Users: Persons or units, except those responsible for technical storage, protection, and backup of data, who process Personal Data within the data controller organization or under its authority and instructions.

Personal Data: Any information relating to an identified or identifiable real person.

Processing of Personal Data: Any operation performed on Personal Data, whether fully or partially automated or through non-automated means as part of a data recording system, such as collection, recording, storage, preservation, alteration, organization, disclosure, transfer, acquisition, making accessible, classification, or prevention of use.

Board: Refers to the Personal Data Protection Board.

Authority: Refers to the Personal Data Protection Authority.

Special Categories of Personal Data: Data concerning race, ethnicity, political opinion, philosophical beliefs, religion, sect, or other beliefs, attire, association or union membership, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.

Registry: Refers to the Data Controllers Registry, a system where data controllers are required to register and declare information about their data processing activities.

Data Processor: A real or legal person who processes Personal Data on behalf of the Data Controller based on the authority granted by the Controller.

Data Recording System: A recording system where Personal Data is processed and structured according to specific criteria.

Data Protection Commission: Refers to the Company's Personal Data Protection Commission.

Data Subject: Refers to the real person whose Personal Data is processed, as defined as the “Relevant Person” in the Law. This includes customers, internet users, individuals in communication, email, and marketing databases, employees, contractual parties, and suppliers.

Data Controller: A real or legal person responsible for determining the purposes and means of processing Personal Data and managing the data recording system.

Draft Regulation on the Data Controllers Registry: A draft regulation prepared under Article 16 of the Law. It has not yet been enacted.

Erasure: Rendering Personal Data inaccessible and unusable for Relevant Users under any circumstances.

Erasure and Destruction Policy: Refers to the Company’s policy outlining the procedures and principles for erasing, destroying, or anonymizing Personal Data under the Regulation on the Deletion, Destruction, or Anonymization of Personal Data.

Destruction: Rendering Personal Data completely inaccessible, irretrievable, and unusable by any person.

4. Enforcement of the Personal Data Protection and Processing Policy

This Policy, prepared by EMA Safety Shoes, is published on the Company’s website (www.emaayakkabi.com) and made available to Data Subjects upon request as of the publication date.

5. Protection of Personal Data Within the Scope of Our Company Policy

a. Data Security: Our Company takes all necessary technical and administrative measures to ensure an appropriate level of security in accordance with Law No. 6698 on the Protection of Personal Data. These measures aim to prevent unlawful processing and access to Personal Data and to ensure its secure storage.

b. Supervision: Our Company conducts and ensures the necessary audits to establish, maintain, and sustain the data security measures outlined above.

c. Confidentiality: Our Company ensures that relevant data controllers and processors do not disclose the Personal Data they possess to unauthorized parties or use it for purposes other than its intended processing. Necessary technical and administrative measures are taken, considering technological capabilities and application costs. Additionally, our employees are provided with training and information regarding the Law and the Policy.

d. Unauthorized Disclosure of Personal Data: In the event that Personal Data processed by our Company is unlawfully accessed by third parties, our Company promptly undertakes the necessary actions to notify the relevant Data Subject and the Personal Data Protection Authority. If deemed necessary by the Authority, this situation may also be announced on the Authority’s website or through another appropriate method determined by the Authority

e. Protection of the Legal Rights of Data Subjects: Our Company respects and safeguards all legal rights of Data Subjects regarding the application of the Policy and the Law. It takes all necessary measures to protect these rights.

f. Protection of Special Categories of Personal Data: As defined in the "Definitions" section, special categories of Personal Data include information such as an individual's race, ethnicity, political opinion, philosophical belief, religion, sect, or other beliefs; attire; membership in associations or unions; health; sexual life; criminal convictions; and security measures, as well as biometric and genetic data. Our Company considers the potential harm or discrimination that may occur if such data is disclosed to third parties. For this reason, all necessary measures are meticulously taken to protect such data, which is processed in compliance with the law.

6. General Principles for Processing Personal Data Under Our Company Policy

Our Company processes Personal Data in accordance with Law No. 6698 on the Protection of Personal Data and the procedures and principles set forth in this Policy. While processing Personal Data, the following principles are adhered to:

a. Principle of Compliance with Legal Rules and Good Faith: Our Company processes Personal Data in compliance with Law No. 6698, associated regulations, and both private and customary laws. Data is handled with the utmost care, adhering strictly to the principle of good faith within these boundaries.

b. Principle of Accuracy and Up-to-Dateness: Our Company ensures that the Personal Data it processes is accurate and up-to-date, considering the fundamental rights and legitimate interests of Data Subjects. This includes identifying data sources, verifying their accuracy, and evaluating the need for updates.

c. Principle of Processing for Specified, Clear, and Legitimate Purposes: The Company defines the purpose of data processing clearly and precisely and ensures that the purpose is legitimate. A legitimate purpose means that the Personal Data processed is relevant and necessary for the Company's business operations or services.

d. Principle of Relevance, Limitation, and Proportionality: The Company ensures that the processed Personal Data is adequate to achieve the specified purposes and avoids processing data that is irrelevant or unnecessary. If new needs arise, data processing is carried out as if starting afresh, adhering to one of the conditions for processing Personal Data stipulated in the Law. Additionally, the processed data is limited to what is necessary for achieving the intended purpose.

e. Principle of Retention for the Duration Required by Relevant Law or Processing Purpose: If a specific retention period is stipulated in the relevant legislation, the Company complies with these periods. Otherwise, Personal Data is retained only for as long as necessary to fulfill the purpose for which it was processed. If there is no valid reason to retain the data longer, it is deleted, destroyed, or anonymized

7.Conditions for Processing Personal Data Under Our Company Policy

Personal Data processed by our Company is handled in accordance with Law No. 6698 on the Protection of Personal Data and the procedures and principles set forth in this Policy. The Company adheres to the following principles when processing Personal Data:

a. Compliance with Legal Rules and Principle of Good Faith: Our Company processes Personal Data in compliance with Law No. 6698 and its associated regulations, considering private and customary law. The data is handled in a manner that adheres to the principle of good faith and within these boundaries is used with due care.

b. Principle of Accuracy and Currency: The Company ensures that the Personal Data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of Data Subjects. Special attention is paid to identifying the sources of the data, verifying its accuracy, and evaluating whether updates are needed.

c. Processing for Specified, Clear, and Legitimate Purposes: The Company determines the purpose of data processing clearly and precisely, ensuring that the purpose is legitimate. A legitimate purpose means that the Personal Data processed is relevant to and necessary for the Company's business or the services it provides.

d. Principle of Relevance, Limitation, and Proportionality to the Processing Purpose: Our Company ensures that the processed Personal Data is suitable for achieving the specified purposes and avoids processing data that is unrelated or unnecessary for the intended purposes. For future potential needs, data processing is carried out as if starting anew, adhering to one of the Personal Data processing conditions set forth in the Law. Furthermore, the processed data is limited to what is necessary to achieve the intended purpose.

e. Retention for the Duration Required by Relevant Law or the Processing Purpose: If a specific retention period is stipulated in the relevant legislation, the Company complies with these periods. In other cases, Personal Data is retained only for as long as necessary to achieve the purpose for which it was processed. If there is no valid reason to retain the data for a longer period, it is deleted, destroyed, or anonymized.

8. Conditions for Processing Special Categories of Personal Data Under Our Company Policy

Our Company does not process Special Categories of Personal Data without the explicit consent of the Data Subject. However, Personal Data, excluding those related to health and sexual life, may be processed without explicit consent in circumstances stipulated by law.

Personal Data concerning health and sexual life is processed by our Company without the explicit consent of the Data Subject only under conditions where confidentiality obligations are maintained, and the purpose is to:

- Protect public health,

- Conduct preventive medicine,

- Diagnose and provide medical treatment and care services,

- Plan and manage healthcare services and their financing.

Our Company diligently ensures compliance with sufficient safeguards determined by the Personal Data Protection Board when processing Special Categories of Personal Data. It meticulously follows the necessary monitoring processes and implements all measures and requirements that may be undertaken.

9. Deletion, Destruction, or Anonymization of Personal Data Under Our Company Policy

Although Personal Data processed by our Company is in compliance with the Law and other relevant legal provisions, such data will be deleted, destroyed, or anonymized by the Data Controller, either ex officio or upon the request of the Data Subject, when the reasons for its processing no longer exist.

The provisions of other laws regarding the deletion, destruction, or anonymization of Personal Data remain reserved. The procedures and principles for the deletion, destruction, or anonymization of Personal Data are regulated by applicable regulations.

10. Transfer of Personal Data Under Our Company Policy

Personal Data may be transferred by our Company under the following conditions:

- If it is necessary to protect the life or physical integrity of the Data Subject or another person, and the Data Subject is unable to express their consent due to actual impossibility or if their consent lacks legal validity,

- If the transfer of Personal Data is necessary for the establishment or performance of a contract directly related to the parties involved,

- If the transfer of Personal Data is required for the Company to fulfill its legal obligations,

- If the Personal Data has been made public by the Data Subject,

- If the transfer of Personal Data is necessary for the establishment, exercise, or protection of a legal right,

- If the transfer of Personal Data is necessary for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the Data Subject.

11. Transfer of Personal Data Abroad Under Our Company Policy

For the purposes of processing Personal Data, our Company may transfer Personal Data and Special Categories of Personal Data of Data Subjects to third parties abroad, provided that necessary security measures are taken.

In doing so, the following conditions outlined in the relevant legislation are observed:

- Personal Data may be transferred to foreign countries declared by the Personal Data Protection Board (KVK Board) to have adequate protection.

- If adequate protection is not available, Personal Data may be transferred to foreign countries where the data controllers in Turkey and the relevant foreign country provide a written undertaking for adequate protection, and the KVK Board grants permission.

The KVK Board announces the list of countries that meet these requirements.

12. Classification of Personal Data Under Our Company Policy

In compliance with Law No. 6698 on the Protection of Personal Data, our Company processes Personal Data by categorizing it under specific classifications as described below:

a. Identity Information of the Data Subject: Data related to the identity of the Data Subject, including:

- Name and surname,

- Turkish ID number,

- Marital status,

- Nationality,

- Parents' names and surnames,

- Place and date of birth,

- Gender,

- Driver’s license,

- ID card,

- Passport,

- Tax number,

- Social security number,

- Signature information,

- Vehicle license plate, and other related data.

b. Contact Information of the Data Subject: Data related to the communication details of the Data Subject, including:

- Phone number,

- Address,

- Email address,

- Fax number,

- IP address, and other related data.

c. Transaction Security Information of the Data Subject: Personal Data processed to ensure technical, administrative, legal, and commercial security during the Company's internal and external operations, affecting both the Data Subject and the Company.

d. Financial Information of the Data Subject: Information and documents reflecting any financial outcomes resulting from the labor-employer relationship established with the Data Subject, including:

- Records of processed data,

- Bank account number,

- Branch code,

- Bank card details,

- IBAN number,

- Credit card details,

- Financial profile,

- Credit score,

- Asset data,

- Income information, and other related data.

e. Visual and Auditory Information of the Data Subject: Photographs, camera recordings, audio recordings, and any other data that contains this information.

f. Personnel Information of the Data Subject: Personal Data processed to establish information necessary to protect the personnel rights of individuals with whom the Company has a working relationship.

g. Location Information of the Data Subject: Data identifying the location of the Data Subject, such as GPS location and travel data, obtained during the use of Company vehicles within the scope of the activities and operations of the Company or its collaborators.

h. Information on the Family Members and Relatives of the Data Subject: Data on the family members (e.g., spouse, mother, father, children), relatives, or other individuals who may be contacted in emergencies, collected within the scope of Company or collaborator operations, or to protect the legal and other interests of the Company and the Data Subject.

i. Physical Space Security Information of the Data Subject: Data collected during entry to or within physical spaces, including:

- Camera recordings,

- Fingerprint records,

- Records obtained at security checkpoints, and other related data.

j. Legal Transaction Information of the Data Subject: Data processed within the scope of determining, pursuing, and fulfilling the Company’s legal claims, rights, and obligations.

k. Special Categories of Personal Data of the Data Subject: Data specified under Article 6 of Law No. 6698, including health data, biometric data, religion, and membership information, among others.

l. Request/Complaint Management Information of the Data Subject: Data related to any requests or complaints submitted to the Company by the Data Subject, collected for the purposes of receiving and evaluating such requests or complaints.

13. Purposes of Processing Personal Data Under Our Company Policy

In accordance with Article 10 of Law No. 6698 on the Protection of Personal Data, our Company fulfills its obligation to inform Data Subjects about the purposes of processing Personal Data and to whom and for what purposes the processed data may be transferred.

Your Personal Data is processed within the framework of the conditions for processing Personal Data specified in Articles 5 and 6 of the Law for purposes such as:

- Planning and implementing our human resources policies in the best manner,

- Accurately planning and executing our commercial partnerships and strategies,

- Ensuring the legal, commercial, and physical security of our Company and business partners,

- Ensuring the proper functioning of our Company’s corporate operations,

- Conducting studies to help you benefit from the products and services offered by our Company in the best way,

- Customizing the products and services offered by our Company according to your demands, needs, and preferences, and recommending them to you,

- Ensuring the highest level of data security,

- Creating databases,

- Improving the services provided on our Company’s website,

- Communicating with those who submit requests and complaints to our Company,

- Resolving errors occurring on our Company’s website.

These purposes are strictly limited to the stated objectives.

14. Purposes of Transferring Personal Data Under Our Company Policy

The Personal Data of Data Subjects is transferred for purposes such as:

- Planning and implementing our human resources policies in the best manner,

- Accurately planning and executing our commercial partnerships and strategies,

- Ensuring the legal, commercial, and physical security of our Company and business partners,

- Ensuring the proper functioning of our Company’s corporate operations,

- Conducting studies to help you benefit from the products and services offered by our Company in the best way,

- Customizing the products and services offered by our Company according to your demands, needs, and preferences, and recommending them to you,

- Ensuring the highest level of data security,

- Creating databases,

- Improving the services provided on our Company’s website,

- Communicating with those who submit requests and complaints to our Company,

- Resolving errors occurring on our Company’s website.

These transfers are conducted in accordance with the conditions specified in Articles 8 and 9 of Law No. 6698 and are strictly limited to these stated objectives.

15. Recipients of Personal Data Under Our Company Policy

The Personal Data of Data Subjects may be transferred to:

- Our shareholders,

- Our business partners,

- Our suppliers,

- Our subsidiaries,

- Companies and institutions with which we collaborate,

- Companies from which we receive external services to fulfill our contractual or legal obligations (e.g., security, health, occupational safety, legal services, etc.),

- Authorized institutions and organizations.

These transfers are conducted in accordance with relevant laws and regulations.

16. Methods and Legal Basis for Collecting Personal Data Under Our Company Policy

In accordance with Article 1, which defines the purpose of Law No. 6698 on the Protection of Personal Data, and Article 2, which defines its scope, Personal Data is collected to ensure compliance and monitoring of the law. Personal Data is gathered through:

- Various verbal,

- Written,

- Electronic means using technical and other methods,

- Multiple channels such as call centers, the Company’s website,

- Mobile applications,

- For the purposes outlined in the Policy and in compliance with:

* Legislation,

* Contracts,

* Requests and legal obligations,

* Ensuring the accurate and complete fulfillment of legal responsibilities arising from the law.

After being collected, this data is processed by our Company or by data processors appointed by our Company.

17. Deletion, Destruction, or Anonymization of Personal Data Under Our Company Policy

Without prejudice to the provisions of other laws regarding the deletion, destruction, or anonymization of Personal Data, our Company ensures that Personal Data is deleted, destroyed, or anonymized in accordance with Law No. 6698 on the Protection of Personal Data and other applicable legal provisions. This occurs either ex officio or upon the request of the Data Subject when the reasons requiring the processing of the data no longer exist.

Deletion of Personal Data: Deleted Personal Data is rendered irretrievable and unusable under any circumstances. Accordingly, Personal Data is permanently erased from records stored on mediums such as documents, files, CDs, floppy disks, and hard disks.

Destruction of Personal Data: Destruction refers to making data permanently inaccessible and unusable, ensuring that the data recorded on mediums such as documents, files, CDs, floppy disks, and hard disks is irretrievably destroyed.

Anonymization of Personal Data: Anonymization refers to rendering Personal Data unidentifiable with any specific or identifiable real person, even when matched with other datasets.

18. Retention Period for Personal Data Under Our Company Policy

Our Company retains Personal Data in accordance with the durations stipulated in Law No. 6698 on the Protection of Personal Data and other relevant legislation.

If no specific retention period is defined in Law No. 6698 or other relevant legislation, Personal Data is processed for the duration necessary to fulfill the purpose of the activity for which it was collected. Once the purpose of processing is achieved, the Personal Data is deleted, destroyed, or anonymized.

19. Informing Data Subjects Under Our Company Policy

In accordance with Article 10 of Law No. 6698 on the Protection of Personal Data, our Company informs Data Subjects at the time of obtaining their Personal Data.

Within this scope, the following details are provided to the Data Subjects:

- The identity of the Company representative, if applicable,

- The purposes for which the Personal Data will be processed,

- To whom and for what purposes the processed Personal Data may be transferred,

- The method and legal basis for collecting Personal Data,

- The rights of the Data Subject regarding their Personal Data.

20. Rights of Data Subjects Under Law No. 6698 and Our Company Policy

In accordance with Article 10 of Law No. 6698 on the Protection of Personal Data, our Company informs all individuals about their rights, guides them on how to exercise these rights, and implements the necessary administrative and technical arrangements to facilitate this process.

Under Article 11 of the Law, our Company ensures that individuals whose Personal Data is processed are informed about their rights, which include the ability to:

- Learn whether their Personal Data is being processed,

- Request information if their Personal Data has been processed,

- Learn the purpose of processing their Personal Data and whether it is being used in accordance with that purpose,

- Know the third parties to whom their Personal Data has been transferred, whether domestically or abroad,

- Request the correction of incomplete or inaccurate Personal Data,

- Request the deletion or destruction of their Personal Data under the conditions specified in Article 7 of the Law,

- Request notification of the actions taken under Article 11(d) and 11(e) of the Law to third parties to whom the data has been transferred,

- Object to any unfavorable outcome derived solely from the automated processing of their Personal Data,

- Demand compensation if they suffer damage due to the unlawful processing of their Personal Data.

Application and Response Process: Requests related to the implementation of the Law can be submitted to our Company by:

- Filling out the Personal Data Protection Law Data Subject Application Form,

- Submitting the application in writing, with a secure electronic signature, or through other methods determined by the Personal Data Protection Board (“Board”).

Applications should be sent to the address specified in the application form.

Our Company will evaluate the requests and respond within the shortest possible time, and no later than 30 days, free of charge. However, if the requested action incurs an additional cost, the Company may charge a fee as determined by the tariff set by the Board.

- If the request is accepted, our Company will fulfill the necessary actions.

- If the request is denied, the reasons will be provided to the Data Subject in writing or electronically.

- If the request is due to an error by our Company, any collected fees will be refunded to the Data Subject.

If the application is denied, the response is insufficient, or no response is provided within the prescribed time, the Data Subject has the right to file a complaint with the Board within 30 days from the date they learn of the response or, in any case, within 60 days from the application date.

21. Circumstances Where the Policy and Law Are Partially or Fully Inapplicable Under Our Company Policy

This Company Policy and the provisions of the Law do not apply in the following cases:

- When Personal Data is processed by real persons entirely within the scope of activities related to themselves or their family members living in the same household, provided that the data is not shared with third parties and data security obligations are met.

- When Personal Data is processed for purposes such as research, planning, and statistics by anonymizing the data for official statistics.

- When Personal Data is processed for artistic, historical, literary, or scientific purposes, or within the scope of freedom of expression, provided that the data does not violate national defense, national security, public security, public order, economic security, privacy of private life, or personal rights, and does not constitute a crime.

- When Personal Data is processed as part of preventive, protective, and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order, or economic security.

- When Personal Data is processed by judicial authorities or enforcement agencies for investigation, prosecution, trial, or execution proceedings.

Additionally, the obligations related to informing the Data Subject under Article 10 of Law No. 6698, the rights of the Data Subject under Article 11 (except the right to demand compensation for damages), and the obligation to register with the Data Controllers Registry under Article 16 do not apply in the following cases, provided that they are in compliance with the purpose and fundamental principles of the Law and are proportionate:

- When Personal Data processing is necessary for the prevention of a crime or for criminal investigations.

- When Personal Data is made public by the Data Subject.

- When Personal Data processing is required for supervisory or regulatory activities by authorized public institutions and organizations or professional organizations acting as public institutions, based on the authority granted by law, or for disciplinary investigations or prosecutions.

- When Personal Data processing is necessary to protect the economic and financial interests of the State in matters related to budget, taxation, and financial affairs.

22. Classification of Data Subjects Under Our Company Policy

This Policy and the provisions of the Law apply exclusively to real persons. The Data Subjects covered by this Policy are categorized as follows:

Job Applicant: Real persons who have applied for a job with the Company through any means or have made their CVs and related information available for the Company's review.

Group Company Customer: Individuals whose Personal Data has been obtained through EMA Safety Shoes

Company Business Partner, Shareholder, Representative, Employee: Real persons engaged in any business relationship with the Company or with real and legal persons (e.g., business partners, suppliers) in business relations with the Company, including their employees, shareholders, and representatives.

Company Customer: Real persons who use or have used the products and services offered by the Company, regardless of whether they have a contractual relationship with the Company.

Potential Customer: Real persons who have shown interest in the Company’s products and services or are evaluated as potentially interested, based on commercial practices and good faith principles.

Company Shareholder: Shareholders of EMA Safety Shoes

Company Representative: Members of the board of directors and other authorized individuals of EMA Safety Shoes

Third Party: Individuals who are not covered by EMA Safety Shoes Employee Personal Data Protection and Processing Policy and who do not fall under any of the other Personal Data Subject categories defined in this Policy.

Visitor: Real persons who have entered the physical premises owned by the Company for various purposes or have visited the Company’s websites for any reason.

Matching Personal Data with Data Subject Categories: In line with the definitions and classifications provided, the matching of categorized Personal Data with categorized Data Subjects ensures proper and compliant processing under the Company's Policy. This structured alignment helps the Company manage and protect Personal Data responsibly and legally.

If you would like to expand on specific details regarding this matching or data handling, please let me know!

Identity Information: Includes the following Data Subjects; Company Shareholder, Company Representative, Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

Contact Information: Includes the following Data Subjects; Company Shareholder, Company Representative, Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

This matching ensures the proper and compliant processing of identity and contact information for these categorized Data Subjects under the Company’s Policy and applicable legal requirements.

Transaction Security Information: Includes the following Data Subjects; Company Shareholder, Company Representative, Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

Financial Information: Includes the following Data Subjects; Company Shareholder, Company Representative, Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

Visual and Auditory Information: Includes the following Data Subjects; Company Shareholder, Company Representative, Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

Personnel Information: Includes the following Data Subjects; Business Partner (including their shareholders, representatives, and employees), Job Applicant, Third Party.

Location Information: Includes the following Data Subjects; Business Partner (including their shareholders, representatives, and employees).

Family Members and Relatives Information: Includes the following Data Subjects; Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

Physical Space and Security Information: Includes the following Data Subjects; Company Shareholder, Company Representative, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

Legal Transaction Information: Includes the following Data Subjects; Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Third Party.

Special Categories of Personal Data: Includes the following Data Subjects; Company Shareholder, Company Representative, Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.

Request/Complaint Management Information: Includes the following Data Subjects; Company Shareholder, Company Representative, Company Customer, Group Company Customer, Potential Customer, Business Partner (including their shareholders, representatives, and employees), Job Applicant, Visitor, Third Party.