HUMY AGREEMENT

Contact Us

app.alphameal@gmail.com

Drawing up the Contract

You can become a member of the Humy system by filling out the user registration form or by subscribing to social media networks (Facebook, Twitter, Pinterest and the like) at www.humyapp.net or through websites that can be accessed through this address. Each Humy service provider agrees and undertakes to comply with the provisions of this User Agreement (Agreement) concluded with ALPHA E-TİCARET LİMİTED ŞİRKETİ (Humy)

Services

Humy offers to service providers the opportunity to order food from applications and service providers that can be developed on the internet, mobile phones, smart TV systems or similar platforms and other related services

Service Provider Obligations

The service provider accepts, declares and undertakes that the information on the service provider registration form is correct and that only one e-mail can be defined for each User name created in Humy while using Humy services. The Service Provider accepts, declares and undertakes that the defined e-mail address cannot be changed, and a new e-mail address can only be defined when a new user is created on Humy. The service provider agrees, declares and undertakes that in cases where this information is required, it is responsible for the damages of itself or third parties arising from incorrect or incomplete information (such as forgetting a password), and in such cases, Humy membership may be terminated. The service provider acknowledges, declares and undertakes that he / she is responsible for all kinds of transactions he / she makes with the Username or registered e-mail address. The service provider acknowledges, declares and undertakes that the copyright of the services and software provided by Humy belongs to Humy and that they shall not reproduce or distribute these software in any way. The service provider acknowledges, declares and undertakes that the personal opinions, thoughts, expressions, files added to Humy environment and the personal information it sends when using Humy services. The service provider accepts, declares and undertakes that Humy cannot be held responsible for these files, including but not limited to any disputes that may arise between the service provider and the user. The service provider acknowledges, declares and undertakes that Humy is free to publish or not publish these opinions and thoughts, and that it has the right to edit these opinions and comments through moderators and correct spelling errors. The service provider acknowledges, declares and undertakes that the services provided by Humy may sometimes contain content belonging to people over the age of 18, and that Humy shall not be responsible for displaying this content illegally. The service provider agrees, declares and undertakes that Humy shall not be responsible for information messages and files that shall be lost and / or received incompletely or sent to the wrong address during the use of Humy services. The service provider agrees, declares and undertakes not to access the services provided by Humy in a manner other than as determined by Humy or in an unauthorized manner and not to modify the software in any way. The service provider agrees, declares and undertakes not to use the ones that are obvious to have been changed and to compensate for all material and moral damages Humy may incur in cases where they do not comply with the aforementioned rules. The service provider agrees that the sales of tobacco products and alcoholic beverages are strictly not made through Humy in accordance with the Regulation on the Procedures and Principles Regarding the Sale and Presentation of Tobacco Products and Alcoholic Beverages and the relevant legislation. The service provider agrees, declares and undertakes not to provide tobacco products and alcoholic beverages through Humy and not to make any requests to service providers in this regard, and otherwise actions may result in the cancellation of membership and the termination of this Agreement. The service provider accepts, declares and undertakes that Humy cannot be held responsible for any damages that may arise from unauthorized reading or use of the service provider data. The service provider agrees, declares and undertakes that Humy shall not be responsible for any damages that may arise from unauthorized use, sharing or publication of the service provider shares by third parties. The service provider accepts, declares and agrees not to use usernames, photographs and nicknames that are threatening, immoral, racist, contrary to the laws of the Republic of Turkey, international agreements, containing political messages, violating the intellectual or industrial property rights of third parties. The service provider agrees, declares and undertakes not to send messages or comments that violate the above-mentioned points. The Service Provider accepts, declares and undertakes that the usernames, photographs, correspondence, subject titles and nicknames to be added to the Media are in accordance with general ethics, etiquette and legal rules. The Service Provider accepts, declares and undertakes that it does not contain political messages. With regard to the user, the phrases in question, correspondence and photos. The Service Provider acknowledges, declares andundertakes that all publishing, processing and reproduction, dissemination, representation, sign, sound or image transfer, transfer and assignment rights to third parties are transferred to Humy. The Service Provider accepts, declares and undertakes that all financial rights listed in the Law on Intellectual and Artistic Works numbered 5846 and dated 5.12.1951, including the above, are transferred to Humy. The service provider agrees, declares and undertakes not to harass or threaten other users and service providers. uF0B7 The service provider agrees, declares and undertakes not to act in a way that adversely affects other users' use of the Humy system. uF0B7 The service provider accepts, declares and undertakes that it shall not abuse the services contained in the Humy system or the systems and applications developed in connection with it, and shall not act in a manner that violates or damages the rights of other users using this system. And the service provider acknowledges, declares and undertakes that the responsibility for all damages incurred by Humy or the relevant user as a result of such abuse is entirely his / her own. And the service provider agrees, declares and undertakes that Humy has the right to close or limit the username, profile photo and similar parts of this user's account in the relevant service or to terminate the Humy membership if such usage is detected. uF0B7 The service provider agrees, declares and undertakes not to publish, reproduce or distribute any defamatory, defamatory, immoral, indecent or illegal material or information on the names of persons or institutions. uF0B7 The service provider agrees, declares and undertakes not to advertise, sell or offer any goods or services, or engage in surveys, contests or chain letter activities. uF0B7 The service provider agrees, declares and undertakes not to send any information or programs that may damage the information or software on other users' computers. uF0B7 The service provider acknowledges, declares and undertakes that any records or materials obtained using Humy services are entirely within the user's consent. The service provider agrees, declares and undertakes that it is entirely responsible for the malfunctions, loss of information and other losses that it may cause in its own computer, and that it shall not claim compensation from Humy for any damages that may be incurred due to the use of Humy system. uF0B7 The service provider agrees, declares and undertakes not to use Humy services for commercial or advertising purposes without obtaining permission from Humy. uF0B7 The service provider acknowledges, declares and undertakes that Humy can monitor the entire system at any time or continuously. uF0B7 If the service provider acts against the Rules, Humy has the right to take the necessary interventions, exclude the user from service and terminate the membership, uF0B7 The service provider, Humy, agrees, declares and undertakes that it can use its system for commercial purposes. uF0B7 The service provider agrees, declares and undertakes not to transmit information that is prohibited by law and not to share data that are not authorized to be sent such as chain mail, software virus (etc.). uF0B7 The service provider agrees, declares and undertakes not to record, disseminate, or misuse personal information belonging to others. uF0B7 • The service provider accepts, declares and undertakes that cookies (cookies / cookies) are used in the Humy system, that cookies are pieces of information that a website transfers to the cookie file on the hard disk of the user's computer. The service provider acknowledges, declares and undertakes that these enable users to navigate Humy and help to prepare content suitable for the needs of users accessing the site when necessary.

Authorities Granted to Humy

Humy can temporarily suspend or stop the system operation at any time. Humy may temporarily suspend the users' ability to make payments via the Online Payment Method due to user transactions that raise suspicion of security. Or Humy can stop this payment option altogether. Humy shall not have any liability to its users or third parties due to the temporary suspension or complete cessation of the use of the system or the Online Payment Method. Username or e-mail and password shall be displayed and approved after filling in the application fields provided by Humy. Humy shall exclusively prevent members who have completed the user registration form completely or service e providers who log in to the Humy system from having a new password or using their passwords indefinitely. Humy shall show the necessary care to provide its services in a timely, secure and error-free manner, to ensure that the results obtained from the use of the service are accurate and reliable, and that the service quality meets expectations. However, Humy does not undertake these. Humy has the authority to back up and delete some or all of the files and messages that they shall keep in the environment during the use of the system at periods that it deems appropriate. Humy shall not be held responsible for backup and deletion. Humy produces and / or purchases information, documents, software, designs, graphics, etc. has the copyrights of the works arising from ownership and ownership. Sales in the Humy system are limited to the availability of service provider menus at the time of order. Humy may not be able to deliver products that are not available in the relevant service provider to the user. The display of products in Humy system does not mean that they are in stock. In addition, Humy shall not be responsible in cases such as weight deficiencies, food defects in the order received after the order and Humy shall be recourse to the service provider. Humy has the right to publish, process and share in all kinds of written and visual media the information, documents, software, designs, graphics, etc., produced by its users and uploaded to the system for publication (For example, user pictures, message, poem, news, file added to the clipboard) Humy has the right to move the above mentioned information and documents to another address deemed appropriate by Humy or to remove them from the website at its own discretion. It is possible for this published information to be copied, processed and / or published by other users. In such cases, the user shall not demand any royalties from Humy. The obligation to change the price and product specification information of the products offered for sale in the Humy system belongs to the service provider in the Humy system. If an error occurs in the price and product specification information, Humy can inform the users and make the product delivery or cancel the order in order to correct this error. Humy shall show the necessary care to make a correct and honest explanation about the content of the products offered for sale in the system. However, Humy is not responsible for any problems or damages that may arise due to incomplete and / or incorrect statements made by service providers regarding the order contents. Humy can allow the user to switch to websites outside of the Humy system. In this case, the service provider agrees in advance that Humy is not responsible for the content of the sites to which it shall switch. Humy services that do not require user membership can be transformed into a membership requiring membership over time, and additional services can be opened. Humy may partially or completely change some of its services or convert them into paid ones. In this case, the user reserves the right to leave the membership by terminating the Agreement. Humy may make changes in the application of this Agreement, change the existing articles or add new articles, provided that it is not against the users, in order to comply with thetechnical requirements and legislation that may arise in the future. Humy is not responsible for the content provided by service providers.

Purpose of usage

Service Providers accept that all orders placed and all purchases made on the Humy system are for personal use. In addition, Service Providers acknowledge that these are not intended for resale.

Payment

Humy users can pay for the order they place on the Humy system at the time of delivery, as they choose from the options offered by the relevant service provider in the Humy system. Users shall also be able to make instant online payments using the Online Payment Method, via debit card, credit card or a similar payment instrument and other payment systems (eg PayPal). In payments made using the Online Payment Method option, if the card is used illegally by someone other than the holder. In this case, action is taken in accordance with the provisions of the Bank Cards and Credit Cards Law No. 5464 dated 23.02.2006 and the Regulation on Bank Cards and Credit Cards published in the Official Gazette dated 10.03.2007 and numbered 26458. Users fulfill their payment obligations by making the payment to Humy for orders placed using the Online Payment Method. Online payment method using Valet Service, including but not limited to credit card / debit card payment method at the door, cash payment method at the door, Humy is exclusively authorized to collect the costs of the ordered products from the Users on behalf and account of the service providers for orders made by all kinds of payment methods. Users fulfill their payment obligations against Humy by making the payment with all kinds of payment methods including but not limited to online payment method, credit card / debit card payment method at the door, cash payment method at the door for orders placed using the valet service.

Personal Data

While the Service provider is enrolling to Humy, approving the Service provider Agreement and during his / her movements on the Website after membership, agrees and declares that they expressly consent to the transfer of their personal data (Personal Data) such as name, surname, e- mail address, order address / addresses, telephone number, which they share with the data controller Humy, to third parties and abroad. The Service provider also accepts and declares that he expressly consents to the processing within the framework of the principles set forth in the Law on the Protection of Personal Data and to be transferred to third parties and abroad. The processing and transfer of Personal Data to third parties and abroad is based on the legal relationship established between the User and Humy. Personal Data can be processed by Humy and Humy affiliates within the scope of this contractual relationship and by business partners of Humy and its affiliates for marketing, analysis, statistics purposes, transferred to third parties and abroad or used by anonymization. In addition, Service providers accept and declare their explicit consent to the anonymous use of order information other than their Personal Data (such as the service providers they order, the type of product ordered, the number of orders, the order time, the website or similar mobile or electronic media used, such as all behavior on the website, order details) Service providers acknowledge and agree that they have their express consent to the recording, processing and listing of all behaviors, such as order details and similar data (Data) on the website by Humy, Humy affiliates and business partners. Service providers acknowledge and declare their explicit consent to use this information anonymously to provide a better service with third parties in analysis or to run various applications or programs on Humy

Product Delivery

In the process of product delivery made by the service provider, if the user cannot be found at the address selected in the Humy system, the order shall not be left to another address. In this case, the user has to accept the legal obligations that shall arise because the user has placed an order to an address where he is not present.

Refund

Limited to orders paid by the Online Payment Method, refund to the user but mandatory cancellation of the order because the user's address is outside the shipping area of the ordered service provider; Mandatory cancellation of the order due to failure to deliver the order to the relevant service provider; Cancellation of the order upon the request of the user in cases where the order has not been prepared by the service provider or the system has approved the cancellation although the order has been prepared; Compulsory cancellation of the order partially or completely due to the fact that part or all of the order is not available from the service provider; Order cancellation following the approval of the relevant service provider due to dissatisfaction with the ordered product; In case of delay in the delivery of the ordered product, it shall be made in case of cancellation made upon the approval of the relevant system. If a relevant receipt or invoice related to the order subject to cancellation has been drawn up and delivered to this user, it must be returned to the relevant Humy officer. Humy reserves the right not to make a refund only for reasons arising from the user (for example, the user is not at home, gives wrong address information, does not receive the order).

Storage of Information and onus of proof

User information, orders, comments / reviews etc. registered in Humy system are kept for at least three (3) years subject to Humy Privacy Policy. In any dispute arising from the performance of this Agreement, the data stored in the Humy system and user records constitute binding and conclusive evidence. This Agreement is subject to the laws of the Republic of Turkey. Istanbul Central Court and Execution Directorates are authorized to resolve any disputes that may arise from the performance of the Contract.

Enforcement and Termination

This Agreement enters into force between the parties indefinitely from the time the user fills in the user registration form. The parties may terminate this Agreement at any time. At the time of termination of the contract, the rights of the parties to each other are not affected.

PRIVACY NOTICE

With this Privacy Notice, you acknowledge that you are enlightened about the processing of your personal data and that you consent to the use of your personal data as described herein. This Privacy Notice contains the terms and conditions for the use of the following data: data about the www.humyapp.net website (Site) operated by ALPHA E-TİCARET LİMİTED ŞİRKETİ (HUMY) / Data shared with HUMY by the Site / Mobile application users / members / visitors (Data Owner) during the operation of the mobile application. In addition, the terms and conditions of HUMY regarding the use of personal data generated by the Data Owner during the use of the Site are included..

Which Data We Process?

Your personal data processed by HUMY are categorized in accordance with the Personal Data Protection Law (Law) as stated below. Unless expressly stated otherwise, the term personal data under the terms and conditions provided under this Privacy Notice shall include the following information. Identity and Contact Information: name, surname, phone, address, workplace information, e-mail address.

User Information, User Transaction Information and Financial Information:

Membership information, membership ID number, data about the date and time you used HUMY services, your reasons for contacting HUMY or Live Help, Terms you use while searching on the site and your filtering preferences, points and comments, food preferences restaurant categories you visit, errors during use, invoice and payment information, balance information (Data such as invoices sent to the user and receipt samples for payments received from users, invoice number, invoice amount, invoice date)

Location Information:

Specific or approximate location information about your location, such as GPS data, that we have obtained during your use of HUMY's services.

Transaction Security Information:

log in credential information, password information

Marketing Information:

Reports and evaluations showing your habits and tastes, targeting information, cookie records, etc.

Request / Complaint Management Information:

Your requests and complaints on the Site and your comments on the Site.

Risk Management Information: IP address

The data anonymized within the framework of Articles 3 and 7 of the Law will not be considered as personal data in accordance with the provisions of the aforementioned law, and the processing activities related to these data will be carried out without being bound by the provisions of this Privacy Notice. For the application regarding whether your data is processed or not, see HUMY Personal Data Processing and Protection Policy (Personal Data Protection Policy).

What is the Purpose of Use of Your Data?

Your personal data you share with HUMY will be processed for the following reasons in order for you to benefit from the Site and the services provided through the Site or Mobile application: Performing your membership registration to the Site, updating the membership registration, improving the services offered by HUMY and through the Site, introducing new services and conducting commercialactivities, determining and implementing commercial and business strategies, including providing you with the necessary information in this direction, Ensuring the legal and commercial security of HUMY and persons in business relations with HUMY In this context, it can be processed to provide you with the necessary information and to fulfill the obligations arising from the nature of these activities. The personal information in question may be used to communicate with you or to improve your experience on the Site or the Mobile application (managing the communication management process, conducting satisfaction surveys, etc.). In addition, these data can be used within the scope of internal reporting and business development activities, and can also be used for the purposes of making various statistical evaluations, creating a database and engaging in market research without revealing your identity. The information in question may be processed, stored and forwarded to third parties by HUMY for direct marketing, digital marketing, remarketing, targeting, profiling and analysis purposes. And you may be contacted through the aforementioned information in order to make notifications about various applications, products and services, maintenance and support activities. HUMY will also be able to process and share personal data with third parties in accordance with Articles 5 and 8 of the Law and / or in case of exceptions in the relevant legislation, without obtaining your separate consent as the Data Owner. The main of these situations are listed below: It is clearly stipulated in the laws. It is compulsory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid, It is necessary to process personal data, provided that it is directly related to the establishment or performance of any contract between the Data Owner and HUMY, It is mandatory for HUMY to fulfill its legal obligations, It has been made public by the Data Owner himself/herself. Data processing is mandatory for the establishment, use or protection of a right, Data processing is mandatory for the legitimate interests of HUMY, provided that it does not harm the fundamental rights and freedoms of the Data Owner. As mentioned above, HUMY will be able to use cookies and within this scope, process data and transmit it to third parties for the purpose of processing data within the scope of analysis services offered by third parties, only to the extent required by these analysis services. The mentioned technical communication files are small text files that the Site sends to the Data Owner browser to be stored in the main memory. The technical communication file stores the status and preference settings about a website, making it easier to use the site in this sense. The technical communication file is designed to obtain statistical information about how many people use the websites in temporal proportion, for what purpose, how many times a person visits a website and how long he stays. In addition, the technical communication file is designed to dynamically generate advertisements and content from user pages specially designed for users. It is used for these purposes. The technical communication file is not designed to retrieve any other personal data from the main memory. Most of the browsers are initially designed to accept the technical communication file, but users can always change the browser settings so that the technical communication file does not arrive or the technical communication file is sent.

Who Can Access Your Data?

HUMY will be able to transfer your personal data and new data obtained using this personal data to restaurants in order to achieve the purposes specified under this Privacy Notice, limited to the provision of such services. Improving your HUMY user experience (including improvement and customization), ensuring your security, detecting fraudulent or unauthorized use, operational evaluation research, Elimination of errors related to site services and to accomplish any of the purposes contained in this Privacy Notice. will be able to share this data with third parties such as outsourcing service providers, hosting service providers (hosting services), law firms, including those who send e-mail and SMS. As a Data Owner, you agree that the aforementioned third parties may store your personal data on their servers all over the world, provided that you are limited to the aforementioned purposes, and that you consent to this in advance. As the Data Owner, you undertake that your information subject to this Privacy Notice is complete, accurate and up-to-date, and that you will update them immediately in case of any change in this information. HUMY will not have any responsibility if you do not provide up-to-date information. As a Data Owner, if you make a request that will result in HUMY not being able to use any of your personal data, you acknowledge that you may not be able to take full advantage of the operation of the Site or the Mobile application and declare that you will be responsible for all kinds of responsibilities arising in this context.

How Long We Keep Your Data?

Your personal data you have shared with HUMY are kept for the period required by the purposes specified in this Privacy Notice and for the period of limitation specified in the relevant legislation of HUMY. In addition, in case of any conflict between you and HUMY, your personal data may be kept limited in order to make the necessary defenses within the scope of the dispute.

How We Ensure the Security of Your Data?

HUMY, under the conditions specified in the relevant legislation or stated in this Privacy Notice, takes the necessary technical and administrative measures to ensure that personal data are not processed illegally and that personal data are not accessed illegally, and have the necessary inspections. And HUMY takes necessary technical and administrative measures to ensure the protection of personal data, taking the necessary technical and administrative measures to ensure the minimum level of security, taking into account the appropriate conditions and costs, and has the necessary inspections. HUMY also does not disclose the personal data it obtains from you in violation of the provisions of this Privacy Notice and the Personal Data Protection Law, and does not use it for purposes other than processing. In case of linking to other applications through the site, HUMY does not bear any responsibility for the privacy policies and contents of the applications and recommends that you review these texts.

CHANGES IN THE PRIVACY POLICY

This Privacy Notice may be updated from time to time to keep up with changing conditions and legislation.

COOKIE POLICY

As ALPHA E-TİCARET LİMİTED ŞİRKETİ (HUMY), we use Cookies to make the most of our websites and to improve your user experience. If you do not prefer to use cookies, you can delete or block Cookies from your browser's settings. However, we would like to remind you that this may affect your use of our websites. Unless you change your cookie settings from your browser, we will assume that you accept the use of cookies on our websites. You can find the regulations regarding the data collected in the Privacy Notice Text on our websites.

What Is A Cookie And Why Is It Used?

Cookies are small text files stored by websites you visit on your device or network server via browsers. For more detailed information, you can visit: http://www.aboutcookies.org/ and http://www.allaboutcookies.org/. The main purposes of using cookies on the platform are: To improve the services offered to you by increasing the functionality and performance of our websites, To improve our websites and to offer new features on the Platform and to personalize the offered features according to your preferences, To ensure the legal and commercial security of our websites, you and HUMY.

Types of Cookies Used on Our Websites

Session Cookies:

Session cookies are temporary cookies that are used during our visitors' visit to the Website and are deleted after the browser is closed. The main purpose of using such cookies is to ensure the proper functioning of the Website during your visit. For example; You are provided to fill in online forms consisting of multiple pages.

Persistent Cookies:

Persistent cookies are types of cookies used to increase the functionality of the Website and to provide a faster and better service to our visitors. These types of cookies are used to remember your preferences and are stored on your device via browsers. Some types of persistent cookies; It can be used to offer you special suggestions, taking into account matters such as your purpose of using the Website. Thanks to persistent cookies, if you visit our Website again with the same device, it will be checked whether there is a cookie created by our Website on your device. And if there is, it is understood that you have visited the site before, and the content to be transmitted to you is determined accordingly and thus, a better service is provided to you.

Categories of Cookies Used on Our Websites.

Technical Cookies:

Technical cookies are used to ensure the operation of the website, and the pages and areas of the website that are not working are detected.

Authentication Cookies:

If visitors log in to the website using their passwords, such cookies are used to determine that the visitor is a site user on each page that the visitor visits on the website, and the user is prevented from re-entering his password on each page.

Customization Cookies:

Cookies used to remember users' preferences when visiting different pages of different websites. For example, remembering your chosen language preference.

Analytical Cookies:

Analytical cookies and cookies that enable the production of analytical results such as the number of visitors to the website, the detection of the pages displayed on the website, the visit hours of the website, the scrolling movements of the website pages.

Cookies Used on Our Websites.

Advertising: It is used to show behavioral and target-oriented advertisements to visitors. 3 months. Possible to accept or decline through browser settings. Facebook: These types of cookies allow Facebook members (or non-members) to be tracked for market analysis and product development. It is possible to accept or decline through the browser settings for 2 years from the first installation of the cookie.

Google analytics:

Such cookies allow the collection of all statistical data to improve the presentation and use of the Site. By adding data on social statistics and interests to these statistics, Google enables us to better understand users. Our site uses Google Analytics cookies. The data collected with the said cookies are transferred to Google servers in the USA and the data in question is kept in accordance with Google's data protection principles.

Adobe Omniture:

Such cookies allow the collection of all statistical data to improve the presentation and use of the Site. 5 years from the first installation of the cookie. 3 years from the first installation of the cookie. 1 month from the first installation of the cookie. Possible to accept or decline via Session Cookie Browser settings

Technical Cookies Session:

Session cookies are used to ensure the continuity of the session. 82 years from its first installation. It is possible to accept or decline through browser settings.

Personalization Cookies Language:

It saves the user's chosen language and provides options accordingly. Unlimited stays on the computer until setup / deletion from the browser. It is possible to accept or decline through browser settings. Mobile If the user visits the Site from a mobile device, it is used to display the main website. (For example, that the device has Flash enabled), or is on a mobile site that doesn't need Flash. The source site is saved to better understand the user's preferences. Possible to accept or decline via Session Cookie Browser settings.

I. INTRODUCTION

The law No. 6698 on the protection of personal data (Law) entered into force on 7 April 2016. By defining personal data, the principles of the protection of personal data and the conditions to be followed by those who have the title of data controller in the processing of this data are included in the Law. According to the Law, personal data is all kinds of information regarding identified or identifiable real persons. The processing of personal data means the following: All kinds of transactions performed on personal data, including obtaining, recording, storing, changing, sharing with third parties and transferring personal data by automatic means or non-automatic means provided that it is a part of any data recording system. ALPHA E-TİCARET LİMİTED ŞİRKETİ (Humy) takes the necessary administrative and technical measures by adopting the principles regarding the protection and processing of personal data in the relevant legislation in order to ensure compliance with the Law. For the scope of this Personal Data Protection and Processing Policy (Policy), see

DATA OWNER AND PERSONAL DATA CATEGORIZATION

The relevant legal regulations in force regarding the processing and protection of personal data will be applied with priority. In case of inconsistency between the current legislation and the Policy, Humy accepts that the applicable legislation will be applied. The policy entered into force on 26/07/2017. In case the whole or certain articles of the Policy are renewed, the effective date of the Policy will be updated. The policy is published on Humy website (www.humyapp.net) and made available to personal data owners. Changes and updates can be made to the Policy in order to comply with the changing conditions and legislation and can be submitted to personal data owners via the relevant website.

II. PROCESSING PERSONAL DATA

II.I. PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

Article 20 / III of the Constitution states that personal data can only be processed in cases stipulated by the law or with the express consent of the person, and the protection of personal data is guaranteed. In line with this right granted to personal data owners, Humy processes personal data in accordance with the principles specified in the relevant legislation or in cases where the person has express consent: - Processing in accordance with the Law and the Rules of Good Faith - Ensuring that Personal Data is Accurate and Updated when Required - Processing for Specific, Clear and Legitimate Purposes - Being Related, Limited and Measured for the Purpose of Processing - Preserving for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are processed

II.II. CONDITIONS AND PURPOSE OF PROCESSING PERSONAL DATA

In principle, personal data can only be processed in cases with the explicit consent of the personal data owner. In the 5th article of the Law, the terms regarding the processing of personal data and article 6 of the special quality data are included. The law defines personal data that, when unlawfully processed, have the risk of causing victimhood or discrimination, as personal data of special nature. In the 6th article of the Law, special quality personal data are counted in a limited way. And these include the following data of persons: Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and association, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic. We do not process personal data of customers / users, etc., as specified in the policy above. The explicit consent of the data owner should be explained on a specific subject, based on information and with free will. In the presence of one or more of the conditions mentioned below, personal data may be processed without the explicit consent of the owner. Humy processes personal data in accordance with the general principles specified in Article 4 of the Law in accordance with the purposes and conditions stated below. Regarding general personal data; - It is explicitly stipulated by the Laws that Humy should engage in relevant activity regarding the processing of your personal data - Humy is obliged to process personal data for the protection of the life or body integrity of the personal data owner or another person, and in this case, the personal data owner is unable to disclose his consent due to actual or legal invalidity. - The processing of your personal data by Humy is directly related and necessary with the establishment or performance of a contract - Processing of your personal data is mandatory for Humy to fulfill its legal obligation - Provided that your personal data are made public by you; processing by Humy in a limited way for your publication purpose - The processing of your personal data by Humy is mandatory for the establishment, use or protection of Humy or your or third parties' rights - It is mandatory to perform personal data processing for the legitimate interests of Humy, provided that it does not harm your fundamental rights and freedoms In this context, personal data are processed by Humy for the following purposes: - Planning, auditing and execution of information security processes - Establishing and managing information technology infrastructure - Planning and execution of employees' access rights to user information - Following finance and / or accounting works - Follow-up of legal affairs - Planning and / or execution of activities of efficiency / productivity and / or appropriateness analysis of business activities- Planning and execution of business activities - Planning and execution of information access authorizations of restaurants and business partners and / or suppliers - Management of relationships with restaurants and business partners and / or suppliers - Planning and / or execution of business continuity activities - Planning and execution of corporate communication activities - Planning and execution of logistics activities - Planning and execution of customer / user relationship management processes - Planning and / or execution of customer / user satisfaction activities - Tracking customer / user requests and / or complaints - Conducting activities to determine the financial risks of customers / users - Planning and / or execution of after sales support services activities - Planning and execution of company audit activities - Planning and execution of the operational activities required to ensure that the company activities are carried out in accordance with the company procedures and / or the relevant legislation. - Ensuring the security of company operations - Planning and execution of relevant processes in order to obtain the highest benefit from the products or services offered by the company - Follow-up of contractual processes and / or legal requests - Execution of strategic planning activities - Planning and execution of production and / or operation processes - Planning and execution of market research activities for the sales and marketing of products and services - Planning and execution of marketing processes of products and / or services - Planning and execution of the sales processes of products and / or services - Ensuring that the data are accurate and up-to-date - Providing information to the authorized institutions based on the legislation

III. TRANSFER OF PERSONAL DATA

III.I. GENERAL PRINCIPLES ON THE TRANSFER OF PERSONAL DATA

In the 8th and 9th articles of the Law, the issues regarding the transfer of personal data in the country and abroad are included. Humy can transfer personal data / special quality personal data of the data owner to third parties by taking the necessary security measures in line with data processing purposes. In this direction, Humy will be able to transfer personal data to third parties in the presence of one of the processing conditions specified in Part II and the following conditions: - If the personal data owner has explicit consent, - If there is an explicit regulation in the laws that personal data will be transferred, - If it is necessary for the protection of the life or body integrity of the personal data owner or someone else and if the personal data owner is unable to disclose his consent due to actual impossibility or his consent is not legally valid; - If it is necessary to transfer personal data belonging to the parties of the contract, provided that it is directly related to the establishment or performance of a contract, - If personal data transfer is mandatory for Humy to fulfill its legal obligation, - If the personal data has been made public by the personal data owner, - If personal data transfer is mandatory for the establishment, exercise or protection of a right, - If personal data transfer is mandatory for the legitimate interests of Humy, provided that the fundamental rights and freedoms of the personal data owner are not harmed..

III.II. TRANSFER OF PERSONAL DATA ABROAD

Humy will be able to transfer the personal data of the personal data owner abroad for legitimate and lawful personal data processing purposes in the following cases: - If the data owner has explicit consent, or - If the data owner does not have an explicit consent but one or more of the other conditions mentioned above exist; (i) Adequate protection exists in the country where the data is transferred and (ii) if there is not enough protection in the country where the data is transferred, provided that Humy undertakes sufficient protection in writing together with the data controller in the relevant foreign country and the permission of the Personal Data Protection Board is obtained

III.III. THIRD PARTIES TO WHICH PERSONAL DATA IS TRANSFERED

Humy may transfer the personal data of data owners managed by the Policy in accordance with the above-mentioned conditions and in accordance with Articles 8 and 9 of the Law to the following parties: - Anonymously to business partners in order to ensure that the objectives of the establishment of the business partnership are fulfilled, (In case other data transfer is required, explicit consent is also obtained.)- Restaurants to a limited extent in order to fulfill the purposes covered by the contract with restaurants, - To the suppliers, to a limited extent, in order to provide Humy with the services necessary for Humy to fulfill its commercial activities and which Humy procures from the supplier externally. - Affiliates limited to ensuring the execution of commercial activities that require the participation of Humy affiliates, - To the shareholders limited to audit purposes in accordance with the provisions of the relevant legislation regarding designing strategies regarding the commercial activities of Humy, informing in accordance with the company procedures, - To the relevant public institutions and organizations and private law persons, limited to the purpose they request within their legal powers.

IV. PROTECTION OF PERSONAL DATA

Humy ensures that personal data is processed and protected in accordance with the law by taking other administrative and technical measures stipulated in accordance with the relevant legislation and to be notified by the Personal Data Protection Board in order to ensure the security of the personal data it processes. In this context, Humy takes technical and administrative measures to process personal data in accordance with the law, to store them in secure environments, to prevent unauthorized access risks and any other illegal access. In addition, Humy takes reasonable technical and administrative measures to prevent data loss, deliberate damage and deletion of data, including technological facilities and implementation costs. Namely; - Controlling personal data processing activities of Humy with established technical systems, - Making periodic reports regarding the technical measures taken, - informing and educating employees who process personal data at Humy about the protection of personal data and the processing of personal data in accordance with the law, - Creating awareness for relevant business units and determining implementation rules in order to meet the legal compliance requirements determined on the basis of business units, organizing internal policies and trainings to ensure the supervision and sustainability of these issues, - Creating the awareness of the employees and the records that impose obligation not to process, disclose and use personal data, except for the instructions of Humy and the exceptions imposed by law, to the contracts and documents that govern the legal relationship between Humy and employees, - Making access and authorizations in accordance with the legal compliance requirements determined on the basis of the business unit and limiting the access authorizations accordingly, - Installation and operation of software and hardware including virus protection systems and firewalls, - Adding the following provisions to the contracts concluded with the persons to whom the personal data is legally transferred, including the parties that Humy receives an external service due totechnical requirements regarding the storage of personal data, adding provisions stating that the persons to whom the personal data are transferred will take the necessary security measures in order to protect the personal data and ensure that these measures are complied with in their own organizations, - Establishing technical security systems for storage areas using legal backup programs, Humy, in the event that personal data processed in accordance with Article 12 of the Law are obtained by others illegally, carries out the system that ensures that this situation is notified to the relevant personal data owner and the Personal Data Protection Board as soon as possible. If deemed necessary by the Personal Data Protection Board, this may be announced on the website of the Personal Data Protection Board or by any other method..

V. ENLIGHTENING, RIGHTS AND INFORMING THE PERSONAL DATA OWNER

V.I. ENLIGHTENMENT OF PERSONAL DATA OWNER

In Article 10 of the Law, it is stated that personal data owners should be enlightened during the acquisition of personal data. Humy, in accordance with the general principles of other personal data processing activities specified in the relevant legislation, during the acquisition of personal data of personal data owners; (i) The identity of its representative, if any, (ii) For what purpose personal data will be processed, (iii) To whom and for what purpose, (iv) Method and legal reason for collecting personal data, (v) Informs about the rights of the personal data owner.

V.II. RIGHTS OF PERSONAL DATA OWNERS

In the 11th article of the Law, the rights of the personal data owner are counted. Namely, the data owner has the following rights; - Learning whether your personal data is being processed, - If personal data has been processed, to request information regarding this, - Learning the purpose of processing personal data and whether they are used appropriately for their purpose, - To know the third parties to whom personal data are transferred domestically or abroad, - To request correction of personal data in case of incomplete or incorrect processing, and to request notification of the transaction made within this scope to third parties to whom personal data have been transferred.,- Although it has been processed in accordance with the provisions of the law and other relevant laws, in case the reasons for processing disappear To request the deletion or destruction of personal data and to notify the third parties to whom the personal data has been transferred, - To object to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems, - To request the compensation of the damage in case of damage due to unlawful processing of your personal data. However, in accordance with Article 28 of the Law, the above-mentioned rights cannot be claimed in the following cases: - Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics. - Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime. - Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security. - Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings. In accordance with the article 28/2 of the Law; In the following cases, personal data owners cannot claim their other rights as stated above, except for the right to claim damages: - Processing of personal data is necessary for the prevention of crime or for criminal investigation. - Processing personal data made public by the personal data owner himself. - The processing of personal data is necessary for the execution of supervision or regulation duties and disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations that are public institutions based on the authority given by the law - Processing of personal data is necessary for the protection of the economic and financial interests of the State regarding budget, tax and financial issues.

V.III. INFORMING PERSONAL DATA OWNERS

In accordance with Article 20 of the Constitution, personal data owners are informed about their personal data and their requests for information in line with the right to request information,which is among the above-mentioned rights, are met by Humy in accordance with the Law. Humy carries out the necessary channels, internal functioning, administrative and technical regulations in accordance with Article 13 of the Law in order to provide the necessary information to personal data owners. In this regard, in case personal data owners submit their requests regarding their above- mentioned rights to Humy, they report their justified positive / negative response to the request free of charge within thirty days at the latest. However, if the transaction requires an additional cost, Humy will be able to receive the fee in the tariff determined by the Personal Data Protection Board. Personal data owners will be able to submit their requests regarding their above-mentioned rights to Humy, through the ALPHA E-TİCARET LİMİTED ŞİRKETİ Application Form in Annex-1. Applications to be made by personal data owners will be made by one of the following methods, together with the documents that will determine the identity of the personal data owner: - Filling in the form and delivering the wet signed copy to ………………… Istanbul address by hand, through a notary public or by registered mail, - Signing the form with a secure electronic signature regulated within the scope of Electronic Signature Law No.5070 and sending it to Humy, registered e-mail, - Sending a request to the info@Humy.app e-mail address, (In this case, in order to determine whether the applicant is actually the rightful owner of personal data from the channel where the applicant applied; The relevant person will be contacted over the registered phone to identify his / her identity and to determine whether the applicant has actually made this application. In this context, if the last order information of the applicant is confirmed and the data owner and the person making the request are matched, the application will be evaluated..) - Following a method stipulated by the Personal Data Protection Board. In order for third parties to make an application request on behalf of personal data owners, a special power of attorney issued by the data owner through a notary public must be available on behalf of the applicant. Humy may request information from the relevant person in order to determine whether the applicant is the owner of personal data, and in order to clarify the matters specified in the application, it may ask the personal data owner about his application. In the event that the application is rejected, the response is insufficient or the application is not responded in due time in accordance with Article 14 of the Personal Data Owner Law; Humy can apply to the Personal Data Protection Board within thirty days from the date of learning the answer, and in any case within sixty days from the date of application..

VI. DATA OWNER AND PERSONAL DATA CATEGORIZATION

VI.I. DATA OWNER CATEGORIZATION

Humy has categorized the owners of the personal data it processes as follows. The data owner categorization created within the scope of this Policy is associated with the following personal data owners. Data owners who are out of this scope will also be able to direct their requests to Humy in line with the Policy.

Personal Data Owner Category

Customer / User: Real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with Humy. Potential Customer: Real persons who have requested or have an interest in using our products and services, or who have been evaluated in accordance with the rules of commercial practice and honesty that they may have this interest in Corporate Customer Shareholder, Authorized Person, Employee: Employees, shareholders and authorized persons of legal person customers who use or have used the products and services offered by Humy, regardless of whether they have a contractual relationship with Humy. Third Parties: Other natural persons not covered by this Policy and Humy Employees Personal Data Protection and Processing Policy. Service Provider: Companies / persons who have a contractual relationship with Humy and transmit orders to users. Business Partner Shareholder, Authority, Employee: Real persons, including those who work in the institutions with which Humy has any business relationship, including the shareholders and officials of these institutions. Supplier Shareholder, Authorized Person, Employee: Real persons, including those who work in the institutions with which Humy provides products or services and has a business relationship, as well as the shareholders and officials of these institutions.

VI.II. PERSONAL DATA CATEGORIZATION

Under this Policy, personal data processed by Humy are categorized. Personal data of personal data owners in the above-mentioned data owner categories have been associated with the following personal data categories.

Personal Data Categorization

Identity Information:

The data containing information about the identity of the person, which is clearly or partially automatic or non-automatic as part of the data recording system, clearly belonging to an identified or identifiable natural person.

Communication information:

Information such as telephone number, address, e-mail address, fax number, IP address, which are clearly or partially automatic or non-automatically processed as part of the data recording system, clearly belonging to an identified or identifiable natural person.

Location Data:

Information clearly belonging to an identified or identifiable natural person; information processed partially or fully automatically or non-automatically as part of the data recording system; within the framework of operations carried out by Humy business units of the personal data owner, information that determines the location of the employees of the institutions with which Humy cooperates while using Humy vehicles.

Customer information:

Information clearly belonging to an identified or identifiable natural person and included in the data recording system; records for the use of our products and services, and information such as the customer's instructions and requests for the use of the products and services

Customer Transaction Information:

Information that is clearly belonging to an identified or identifiable natural person and contained in the data recording system; records for the use of our products and services, and information such as the customer's instructions and requests for the use of the products and services.

Family Members and Relatives Information:

Information clearly belonging to an identified or identifiable natural person; information processed partially or fully automatically or non- automatically as part of the data recording system; information about family members, relatives and other persons who can be reached in emergency situations in order to protect the legal and other interests of Humy and personal data owner within the framework of operations carried out by Humy business units.

Physical Space Security Information:

Information clearly belonging to an identified or identifiable natural person; information processed partially or fully automatically or non-automatically as part of the data recording system; Personal data regarding the records and documents received during the entrance to the physical space, during the stay in the physical space.

Transaction Security Information:

Data that are clearly belonging to an identified or identifiable natural person and included in the data recording system, Data processed to ensure our technical, administrative, legal and commercial security while conducting our commercial activities, such as: Personal data such as IP address, (system login information), log in credentials, logging of the resources accessed by suppliers while providing support, user movements specific to the wallet system (password reset, password creation)

Incident Management Information:

Information and evaluations collected about events that are associated with the personal data owner and have the potential to affect our company - employees - shareholders. (For ex.: Reporting the commercial activities of our company with a person who was tried as a defendant in a public criminal case , and to prevent negative communication about our company in this direction, making research on this person and the scope of the criminal investigation and the information collected on the correct management of the public opinion that will develop in this direction)

Financial Information:

Data clearly belonging to an identified or identifiable natural person; data processed partially or fully automatically or non-automatically as part of the data recording system; Processed personal data regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship that Humy has established with the personal data owner, data such as bank account number, IBAN number, credit card information, financial profile, assets data, income information

Visual and Audio Data:

Data clearly belonging to an identified or identifiable natural person; photo and camera recordings (excluding records included in the scope of Physical Space Security Information), voice recordings and data contained in documents that are copies of documents containing personal data

Legal Transaction and Compliance Information:

Data that is clearly belonging to an identified or identifiable natural person and contained in the data recording system; Personal data processed within the scope of the determination, follow-up of our legal receivables and rights and the execution of our debts and compliance with our legal obligations and our company's policies

Audit and Inspection Information:

Audit and inspection records and reports associated with the personal data owner, and information regarding the examinations made in this context and the information and comments collected.

Marketing Information:

Data that is clearly belonging to an identified or identifiable natural person and contained in the data recording system; Personal data processed for the marketing of our products and services in line with the usage habits, taste and needs of the personal data subject and the reports and evaluations created as a result of this processing.

Reputation Management Knowledge:

Information associated with the person and collected to protect the commercial reputation of our company (For example, information from Şikayetvar website, information collected on twitter and Facebook regarding the posts against our company, senior executives and shareholders, the evaluation reports created in this regard and information about the actions taken in this regard

Reputation Management Knowledge:

Data clearly belonging to an identified or identifiable natural person; data processed partially or fully automatically or non-automatically as part of the data recording system; Personal data regarding the receipt and evaluation of any request or complaint directed to Humy

VII. PRINCIPLES REGARDING THE STORAGE PERIOD OF PERSONAL DATA

Personal data is stored by Humy for the periods stipulated in the relevant legislation and in line with its legal obligations. If a period of time is not regulated in the legislation regarding how long personal data should be stored, Personal data are processed in connection with the activity of Humy while processing that data for a period that requires Humy to be processed in line with commercial practices and then deleted, destroyed or anonymized. If the personal data whose purpose of processing has expired and the personal data requested to be deleted / anonymized by the personal data owners, the retention periods determined by the relevant legislation and Humy have also come to an end; It can only be stored for the purpose of providing evidence in possible legal disputes or to assert the right related to personal data or to establish a defense. Humy is based on the prescription periods stipulated in the relevant legislation while determining the retention periods of personal data. Personal data stored for this purpose can only be accessed by limited persons when it should be used in the relevant legal dispute, and cannot be accessed for any other purpose other than this purpose. At the end of this period, personal data are deleted, destroyed or anonymized.

VIII. TERMS OF DELETING, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

Although it has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the Law, In the event that the reasons requiring the processing are eliminated, personal data are deleted, destroyed or anonymized based on the decision of Humy or at the request of the personal data owner.