Personal Data Protection Policy

As Harezm Technology and Consulting ("Harezm", "Company" or "We"), the security, privacy, and lawful processing of your personal data are our highest priorities. In compliance with the Personal Data Protection Law No. 6698 ("PDPL" / "KVKK" in Turkey) and, where applicable, the General Data Protection Regulation ("GDPR"), we have prepared this Clarification Text to inform you about how your personal data acquired through www.harezm.com ("Website") or other communication channels is processed in our capacity as the "Data Controller".

1. Processed Personal Data

Depending on your engagement with us, the following categories of your personal data may be processed:

• Identity Data: Name, surname.
• Contact Data: Email address, phone number, LinkedIn profile link.
• Professional Data: Company name, title, department (relevant for B2B SAP project communications).
• Transaction Security Data: IP address, time of visit, browser specifications (as required by local framework laws).
• Request Data: Specific text contents provided to us through the website contact forms.

2. Purposes of Data Processing

Your personal data is processed in accordance with general data protection principles for the following purposes:

• Evaluating service requests (e.g., SAP consulting, S/4HANA migrations) and generating B2B proposals,
• Executing contracts and maintaining professional architectural communications,
• Ensuring the technical operation, security, and integrity of the Website,
• Responding properly to legal inquiries from authorized institutions.

3. Legal Basis of Processing

Your data is collected electronically (via website forms, emails) wholly or partially through automated means, relying closely on the following legal grounds stipulated by the PDPL/GDPR:

• "Processing is necessary for the performance of a contract to which the data subject is party,"
• "Processing is necessary for compliance with a legal obligation to which the controller is subject,"
• "Processing is necessary for the purposes of the legitimate interests pursued by the controller."

4. Data Transfer and Third Parties

As a rule, Harezm does not transfer personal data to third parties for marketing or sales purposes. Data may only be shared with the following parties when strictly necessary for the fulfillment of our operational obligations, subject to non-disclosure agreements:

• Cloud infrastructure and email hosting providers,
• Authorized public institutions and judicial authorities acting upon legal order,
• Independent auditors, financial, and legal consultants strictly for corporate compliance.

5. Your Rights as a Data Subject

Under the relevant data protection regulations (incl. Article 11 of the Turkish PDPL), you have the right to:

• Inquire whether your data is being processed and request information regarding it,
• Learn the purpose of processing and whether data is used accordingly,
• Know the third parties to whom data is transferred domestically or internationally,
• Request rectification of inaccurate data, and request deletion or destruction of your data under the conditions laid out by the law.

You may exercise these rights by sending an e-mail containing your requests and identification details to info@harezm.com.tr. All requests will be evaluated and responded to free of charge within thirty (30) days at the latest.