- Explicit Consent: Consent on a specific subject, based on information and expressed with free will.

- Anonymization: Making the data previously associated with a person impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

- Employee Candidate: Natural persons who do not work for CarbonEmit but have the status of employee candidate.

- Personal Data: Any information relating to an identified or identifiable natural person.

- Data Subject: The natural person whose personal data is processed.

- Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

- Law: Law No. 6698 on the Protection of Personal Data published in the Official Gazette dated April 7, 2016 and numbered 29677.

- Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

- Policy: Marsala Yazılım Inc. Personal Data Processing and Protection Policy

- Company: CarbonEmit or Marsala Yazılım Inc.

- Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.

- Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically.

- Data Recording System: The recording system where personal data is structured and processed according to certain criteria.

- Business Partners: Persons with whom CarbonEmit has established a partnership within the scope of contractual relations within the framework of its commercial activities.

- Customers: Refers to natural persons who benefit from the products and services offered by CarbonEmit.

- Potential Customers: Natural persons who show interest in the products and services offered by CarbonEmit and have the potential to become customers.

- Employee Candidates: Refers to natural persons who apply for a job by sending a CV to CarbonEmit or by other means.

- Third Parties: Refers to the above categories of data subjects and natural persons other than CarbonEmit employees.

- Identity data: Information contained in documents such as driver's license, identity card, residence card, passport, lawyer ID, marriage certificate.

- Contact information: Information used to contact the person (e.g. e-mail address, telephone number, mobile phone number, address).

- Location information: Information used to determine the location of the data subject (e.g. location information obtained while driving).

- Customer data: Information about customers who benefit from our products and services (e.g. customer number, occupation information, etc.).

- Customer transaction information: Information regarding any transaction performed by customers who use our products and services.

- Physical location security information: Personal data related to records and documents such as camera recordings, fingerprint records taken at the entrance to the physical space, during the stay in the physical space.

- Transaction security information: Personal data processed to ensure technical, administrative, legal and commercial security while CarbonEmit conducts its business activities.

- Financial information: Personal data processed in relation to information, documents and records showing all kinds of financial results created according to the type of legal relationship CarbonEmit has established with the personal data subject.

- Employee candidate information: Personal data processed in relation to individuals who have applied to become an employee of CarbonEmit or who have been evaluated as an employee candidate in line with human resources needs in accordance with commercial customs and honesty rules or who are in a working relationship with CarbonEmit.

- Legal process and compliance information: Personal data processed within the scope of determination and follow-up of CarbonEmit's legal receivables and rights and performance of its debts and compliance with its legal obligations and company policies.

- Audit and inspection information: Personal data processed within the scope of CarbonEmit's legal obligations and compliance with company policies.

- Special categories of data: Personal data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

- Marketing information: Personal data processed for the marketing of the products and services offered by CarbonEmit by customizing them in line with the usage habits, tastes and needs of the personal data owner, and the reports and evaluations created as a result of this processing.

- Request/complaint management information: Personal data relating to the receipt and evaluation of any requests or complaints addressed to CarbonEmit.

- Reputation management information: Information collected for the purpose of protecting CarbonEmit's business reputation, and information about the evaluation reports and actions taken.

- Incident management information: Personal data processed in order to take necessary legal, technical and administrative measures to protect CarbonEmit's commercial rights and interests and the rights and interests of its customers.

- If the personal data owner has explicit consent,

- If the personal data subject does not have explicit consent,

- Sensitive personal data other than the health and sexual life of the personal data owner, in cases stipulated by law,

- Sensitive personal data relating to the health and sexual life of the personal data subject are processed only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality.

- Business Partners: Parties with whom CarbonEmit has established a business partnership while conducting its business activities

- Sharing of personal data limited to the purpose of ensuring the fulfillment of the purposes for which the business partnership was established

- Shareholders: Shareholders authorized to design CarbonEmit's strategy and oversight of its business operations in accordance with the relevant regulatory provisions

- Sharing of personal data limited to the design of strategies for CarbonEmit's business activities and for audit purposes

- Company Authorized Persons: Board members and other authorized persons

- Sharing of personal data limited to designing strategies for CarbonEmit's business activities, ensuring their management at the highest level and for audit purposes

- Legally Authorized Public Institutions and Organizations: Public institutions and organizations legally authorized to receive information and documents from CarbonEmit

- Sharing personal data limited to the purpose of requesting information by the relevant public institutions and organizations

- Legally Authorized Private Law Persons: Private legal persons legally authorized to receive information and documents from CarbonEmit

- Sharing data limited to the purpose requested by the relevant private law persons within their legal authority

- To find out whether his/her personal data is being processed,

- Request information if their personal data has been processed,

- To learn the purpose of processing personal data and whether they are used for their intended purpose,

- To know the third parties to whom personal data is transferred domestically or abroad,

- To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,

- Although it has been processed in accordance with the provisions of the PDP Law and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,

- In the event that the processed data is analyzed exclusively through automated systems and a result occurs to the detriment of the person himself/herself, to object to this result,

- In case of damage due to unlawful processing of personal data, to demand compensation for the damage.

- If personal data is not obtained directly from the data subject, CarbonEmit carries out activities to inform data subjects (1) within a reasonable period of time from the acquisition of personal data, (2) if personal data will be used for communication with the data subject, during the first communication, (3) if personal data will be transferred, at the latest during the first transfer of personal data.

- Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that personal data is not disclosed to third parties and data security obligations are complied with,

- Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,

- Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that such processing does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,

- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,

- Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution procedures.

- Pursuant to Article 28.2 of the PDP Law; in the cases listed below, personal data owners cannot assert their other rights listed in 5.1, except for the right to claim compensation for the damage:

- Processing of personal data is necessary for the prevention of crime or criminal investigation,

- Processing of personal data made public by the personal data subject himself/herself,

- Personal data processing is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law,

- Processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and fiscal matters.