DATA POLICY

PERSONAL DATA PROTECTION AND PROCESSING POLICY

Dear concerned,

We, as KANAL D INTERNATIONAL, approach sensitively the subject of securing and processing your personal data and private life. Please be informed that your personal data shared with us, are stored securely and processed in compliance with the regulations.

Please be welcomed to reach our clarification text regarding the principles on processing, storing and use of your personal data prepared in accordance with Code of Personal Data Protection Numbered 6698.

1. PURPOSE

As Yelda Haber ve Görsel Yayıncılık A.Ş. (“Kanal D International”); it is our priority to process the personal data of real persons including our customers, consumers and employees in compliance with the relevant legislation particularly Constitution of Republic of Turkey and international agreements for human rights, which our country is party of it, and Personal Data Protection Law (“KVKK”) with no. 6698 and to ensure the rights of relevant persons, which their data is processed, to be used effectively.

Therefore, provided not limited to those listed; we are executing the transactions for processing, hiding and transfer of data related to all personal data of our employees

Customers, consumers, users visiting our website, shortly all personal data, which we obtained during our activities, according to Yelda Haber ve Görsel Yayıncılık A.Ş. (Kanal D International) Personal Data Protection and Processing Policy (“Policy”).

Protection of personal data and looking after the basic rights and freedoms of real person, whose personal data are collected, are basic principles of our policy for processing of personal data. Therefore, we continue our activities, which personal data is processed, by looking after the rights of the protection of privacy of private life, privacy of communication, freedom of thought and faith and use of effective legal remedies.

We take all administrative and technical protection measures for protection of personal data as required by relevant data quality in compliance with legislation and up-to-date technology.

This Policy describes the methods, which we follow for processing, hiding, transfer and deletion or anonymization of personal data shared during our commercial or social responsibility and similar activities within the framework of principles mentioned in KVKK.

2. SCOPE

Being not limited to those listed; all personal data of our employees, subscribers, consumers, visitors, business connections, customers, potential customers, supplies, dealers, users visiting our website and shortly all personal data, which we obtain during our activities and are processed by Demiroren Media, are within scope of this Policy.

Protection of personal data is related only to real persons and the information not including information related to real person in it are left out of protection of personal data. Therefore, this Policy is not applied to the data belonging to legal persons.

Our Policy is implemented in activities towards processing of all personal data, which Company owns or are managed by Company, and it has been prepared by looking after KVKK and other relevant legislation related to personal data and international standards in this field.

3. DEFINITIONS and ABBREVIATIONS

Special terms and statements, concepts, abbreviations etc. in Policy are described briefly in this section.

3.1. Company: Yelda Haber ve Görsel Yayıncılık A.Ş. (Kanal D International)

3.2. Express Consent: approval given only limited for that transaction, for a certain subject, based on informing and freewill and at openness beyond question.

3.3. Anonymization: bringing the personal into condition that cannot be associated to a real person, whose identity is certain or can be determined by being matched with other data.

3.4. Employee: Company personnel.

3.5. Demiroren Media

3.6. Personal data Owner (Relevant Person): Real person whose personal data is processed.

3.7. Personal Data: all types of information real person, whose identity is certain or can be determined.

3.8. Specific Personal Data: Data of persons related to race, ethnic origin, political opinion, philosophical belief, religion, sectarian or other beliefs, appearance, health, association, foundation or union membership, sexual life, criminal conviction and security measures and biometric and genetic data.

3.9. Personal Data Processing: All processes realized on data such as obtaining with non-automatic ways, recording, storage, hiding, change, rearrangement, explanation, transfer, takeover, bringing into obtainable condition, classification or prevention of use of personal data provided that they are fully or partly automatic or past of any data recording system.

3.10. Data Processor: Real or legal person processing the data in the name of data supervisor based on authorization, which data supervisor gave.

3.11. Data Supervisor. Real or legal person determining the personal data processing purposes and tools and being responsible for installation and management of data recording system.

3.12. KVK Board: Personal Data Protection Board.

3.13. KVK Agency: Personal Data Protection Agency.

3.14. KVKK: Personal Data Protection Law published in Official Gazette with no 29677 and dated 7 April 2016.

3.15. KEP: Recorded Electronic Mail Address. System protecting all commercial and legal correspondence and document sharing as sent, determining certainly who is receiver, ensuring the content not to change certainly and bringing the content into legally valid and secure and conclusive evidence..

3.16. Policy: Yelda Haber ve Görsel Yayıncılık A.Ş. (Kanal D International) Personal Data Protection and Processing Policy.

4. ROLES AND RESPONSIBILITIES

4.1. Board of Directors
Board of Directors is responsible for top supervision of determination and operation of notification, examination and sanction mechanisms in case Policy, rules and arrangements.

4.2. Executive Board
Personal Data Protection and Processing Policy has been approved by Executive Board. He is the authorized approval mechanism on ensuring the formation, implementation and when required, updating of Policy.

Executive Board, at activities, which he is responsible for, is responsible for,

· Taking necessary measures for compliance of employees taking charge and companies, which external services are taken, with Policy

· Examination of subjects to examine the issues contrary to Policy and notification to DOHOL Supervision Vice Chairman.

4.3. Legal group Department
Legal Group Department is responsible for preparation, development, execution and updating of this Policy together with Information System Directorate. Legal Group Department evaluates this Policy when required in terms of up-to-datedness and development needs.

4.4. Information Technologies
Legal Group Department is responsible for preparation, development, execution and updating of this Policy together with Information Technologies. He evaluates this Policy when required in terms of up-to-datedness and development needs.

4.5. Human Resources
Distribution of the prepared document in organization is under responsibility of Human Resources.

5. LEGAL OBLIGATIONS

Legal obligations within scope of personal data protection and processing as data supervisor in accordance with KVKK have been listed below:

5.1. Our enlightening obligation
While collecting personal data as data supervisor, we have enlightening obligation to enlighten Relevant Person on;

Which purpose your personal data will be processed,

Information for your identity and identity of your representative, if any,

To whom and which purpose your processed data will be transferred,

Our data collection method and its legal reason,

Rights arising from law,

We take care as Company that our Policy being open to public is clear, understandable and easily accessible.

5.2. Our obligation for providing data security
We take administrative and technical measures foreseen in legislation in order to provide the security of personal data under our responsibility as data supervisor. Obligations for data security and measures taken are detailed in sections 9 and 10 of this Policy.

6. CLASSIFICATION OF PERSONAL DATA

6.1. Personal data
Personal data; are all kinds of information related for real person, whose identity is certain or can be determined.

Protection of personal data is related only to real persons and the information belonging to legal persons and not including information related to real person in it are left out of protection of personal data. Therefore, this Policy is not applied to the data belonging to legal persons.

6.2. Specific personal data
Data of persons related to race, ethnic origin, political opinion, philosophical belief, religion, sectarian or other beliefs, appearance, health, association, foundation or union membership, sexual life, criminal conviction and security measures and biometric and genetic data are specific personal data

7. PROCESSING OD PERSONAL DATA

7.1. Our principles of processing personal data

We process the data in accordance with following principles.

7.1.1. Processing in compliance with law and good faith
We process the personal data in compliance with good faith and within the framework of our transparency and enlightening obligation.

7.1.2. Ensuring personal data to be correct and up-to-date when required
In order to ensure the processed data to be correct and up-to-date, we take necessary measures in our procedures. We give Personal Data Owner opportunity to apply to us to update his data and if any, to correct the errors in his processed data.

7.1.3. Processing for certain, clear and legitimate purposes
As Company, we process the personal data within the legislation, which their scope and content has been determined clearly, and our legitimate purposes determined to continue our activities within the framework of ordinary flow of commercial life.

7.1.4. Being connected, limited and prudent of personal data with purpose for which they are processed
We process the personal data as connected, limited and prudently with purpose, which we determined clearly and definitely.

We avoid processing the personal data, which are not related and not needed to be processed. Therefore, we do not process the specific personal data unless legal necessity requires or we take express consent for subject when we need to process.

7.1.5. Hiding personal data foreseen by legal arrangements and during our commercial legitimate interests
Many arrangements in legislation require personal data to be hidden for a certain time. Therefore, we hide the personal data, which we process, for a period foreseen in relevant legislation or required for the processing purposes of personal data.

In case hiding period foreseen in legislation ends or processing purpose disappears, we delete, remove or anonymize the personal data. Our principles and procedures for hiding periods are detailed in article 9.1 of this Policy.

7.2. Our personal data processing purposes

As Company, we process the personal data for the purposes similar to listed below but not limited to those listed:

Ø Execution of our activities,

Ø Providing customer service to our customers within scope of Contract and within the framework of service standards,

Ø Shaping and updating in this scope the services that will be given to our customers by determining preference and needs of our customers,

Ø Ensuring our legal obligations to be fulfilled as required or obliged by legal arrangements,

Ø Being able to make market survey and statistical studies,

Ø Questionnaire, competition, promotion and sponsorships

Ø Evaluating job applications,

Ø Management of program productions,

Ø Production,

Ø Contacting persons making business relation with company,

Ø Marketing,

Ø Compliance management,

Ø Seller / supplier management,

Ø Advertisement,

Ø Legal reporting,

Ø Invoicing.

7.3. Specific personal data processing
Specific personal data are processed by taking administrative and technical measures foreseen laws and foreseen by KVK Board and data related to health and sexual life are processed if there is express consent. We may process your data related to race, ethnic origin, political opinion, philosophical belief and religion, sectarian or other beliefs, appearance, association, foundation or union membership, criminal conviction and security measures and biometric and genetic data without your express consent. In case you join as competitor to any competition by Television or Kanal D International, if we have to process your health information for ensuring participation in said competition, we receive your express consent on this subject before reading information text. In the event of participation in television programs as competitor, audience or guest, please examine article 7.6 of this Policy for more detailed information on processing of your personal data.

7.4. Processing of personal data within scope of other subscriptions
In case you subscribe to products or services, which we realize their distribution with purposes such as benefitting from campaigns, being informed about advantageous served, we collect your personal data by means of other forms and we process and transfer your personal data, which you share.

7.5. Processing of personal data collected via cookies in our website
We use the cookies for developing the operating form and use of our website and trying to bring the time, which you spend in our website, more efficient and more pleased. In addition to these, we benefit from some cookies towards remembering the preferences, which you make in our website, and we provide you with developed and customized experience thanks to this.

You may collect your personal data via cookies in our website and we may process, transfer and hide the date we collected.

You may examine our “Our Cookie Policy” for detailed information related to cookies, which we use in our website.

7.6. Processing personal data for purposes of human sources and employment
We process, hide and transfer your personal data in curriculum vitae, diploma etc. other document, which you share with us during applications you will make to use as Personnel Candidate, for purpose of evaluation of job application. Processing, transferring and hiding of your personal data, which you share with us, are within scope of this Policy.

Personal data belonging to personnel; are collected, processed and hidden within the framework of Demiroren Media Human Resources Policy (http://www.doganholding.com.tr/_files/pdf/Dogan_Grubu_insan_kaynaklari_politikasi.pdf ).

7.7. Processing of personal data in case participation in television programs as competitor, audience or guest
In case you participate in programs made by Kanal D International or 3rd parties as competitor, audience or guest, we may process your personal data. Data, which we process, are hidden for periods foreseen by legislation. In case your application for participation in television programs as competitor, audience or guest, is concluded negatively, we may hide them in our database to evaluate your participation in other television programs as competitor provided taking your express consent.

In cases your health data are required to be processed for participation in programs, your express consent is taken as set out in article 7.3 of this Policy. In case you do not give consent about processing of your health data, your application for participation in competitions may be concluded negatively.

7.7.1. Processing of personal data of persons under 18 years old in case participation in television programs as competitor, audience or guest
As Kanal D International, our all departments including real and legal persons, which we cooperate, are aware of sensitivity of personal data of your children and we take care at high level on protection of these data. Sharing of personal data of your child is under responsibility of parent or legal representative. You may contact us from address of saleslegal@.com.tr for personal data of your child including personal data shared without approval of parent or legal representative.

We do not process the personal data of persons under 18 years old intentionally and we recommend parents to undertake active role in supervision of online activities of your children.

After relevant Person is older than 18 years old, he has right individually to request his requests for personal data including deletion, removal or anonymization of data belonging to him from our databases without ratification of legal representative or parent. You may examine article 11.1 of this Policy for principles and procedure related to these requests.

7.8. Exceptional circumstances, which express consent is not required in processing of personal data
We may process personal data without taking express consent at exceptional circumstances listed below and arising from law:

Ø If foreseen clearly in laws;

Ø If processing of personal data belonging to parties of contract is required provided being directly related to establishment or performance of a contract

Ø If data processing is compulsory for establishment, use or protection of a right;

Ø If your data are obliged to be processed by us, as data supervisor for our legitimate interests provide not giving damage to basic rights and freedoms.

Exceptional circumstances, which specific personal data will be able to be processed without express consent of Relevant Person, are specified in article 7.3 of this Policy.

8. TRANSFER OF PERSONAL DATA

8.1. Transfer of personal data into the country
As Company, we act in compliance with decisions and arrangements foreseen in KVKK and made by KVK Board on transfer of personal data.

Provided that exceptional circumstances in legislation are reserved, personal data and specific data are not transferred to other real persons or legal persons without express consent of Relevant Person.

At exceptional circumstance foreseen by KVKK and other legislation, data may be transferred to authorized administrative or legal agencies or organizations in a way foreseen in legislation and depending on the limits without express consent of Relevant Person.

Furthermore, with the exceptional circumstances foreseen by legislation;

Ø At circumstances explained in article 7.7 of Policy,

Ø At circumstances listed in article 7.3 of Policy on specific personal data,

Ø Together with taking measures foreseen by KVK Board and relevant legislation, specific personal data related to health and sexual life Relevant Person may be transferred to persons or authorized agencies and organizations being under confidentiality obligation, without requiring express consent for the purpose of protection of public health, preventive medicine, medical diagnosis, performing treatment and care and planning and management of health services and financing

8.2. Transfer of personal data to foreign countries
As a rule, personal data cannot be transferred to foreign countries without express consent. But in cases one of exceptional circumstances mentioned in articles 7.3 and 7.7 of this Policy is available, personal data may be transferred to third countries without express consent, in cases the third persons being in foreign country:

Ø are in countries where sufficient protection announced by KVK Board is available;

Ø are in countries where sufficient protection is not available, in cases the data supervisors in Turkey and said foreign country commit the sufficient protection in writing and KVK Board gives permission

8.3. Agencies and organizations, which personal data are transferred
Personal data may be transferred to;

Ø Our suppliers,

Ø Our business partners and business connections,

Ø Construction companies,

Ø Group companies,

Ø Legally authorized public agencies and organizations,

Ø Legally authorized private law persons,

Ø Our shareholders,

but not limited to those listed, according to the rules and principles explained above.

8.4. Measures, which we took for transfer of personal data in compliance with law

8.4.1. Technical measures
In order to protect personal data, but not limited to those listed;

Ø We make in-company technical organizations for processing and hiding of personal data in compliance with legislation,

Ø We form technical infrastructure to ensure the security of databases, which your personal will be hidden,

Ø We follow processed of technical infrastructures formed and make their controls,

Ø We determine procedures for reporting of technical measures, which we take, and control processes,

Ø We update and renew the technical measures periodically,

Ø Necessary technological solutions are produced by reexamining the risky situations,

Ø We uses virus protection systems, security firewall and similar software or hardware security products and we install security systems compliant with technological developments,

Ø We employ expert employees being expert in technical subjects.

8.4.2. Administrative measures
In order to protect personal data, but not limited to those listed;

Ø We form policies and procedures in our company for access to personal data including the company and subsidiary employees

Ø We inform and train our employees for protection and processing or personal data in compliance with law,

Ø We record the measures, which will be taken in cases personal data are processed by our employees as contrary to law, in policies we formed and/or in contracts we placed with our employees,

Ø We supervise activities of processing of personal data of data processor, which we work together, or partners of data processors.

9. HIDING OF PERSONAL DATA

9.1. Hiding the personal data as period required for purpose, which are foreseen in relevant legislation or are processed
We are hiding the personal data for a period required by purpose of personal data processing, provided the hiding periods foreseen in legislation are reserved.

In cases we process the personal data with more than one purpose, in case processing purposes disappear or there is no hindrance for deleting the data upon request of Relevant Person, data are deleted, removed or hidden by being anonymized. Legislation provisions and KVK Board decisions are followed on removal, deletion or anonymization issues.

9.2. Measures we take for hiding of personal data

9.2.1. Technical measures
Ø We form technical infrastructures and supervision mechanisms for these in order for personal data to be deleted removed and anonymized,

Ø We take measures for hiding the personal data securely,

Ø We employ employees having technical expertise,

Ø We form work continuation and emergency conditions plans against risks that may occur and we develop systems for implementation of these,

Ø We install security systems in accordance with technological developments for hiding fields of personal data.

9.2.2. Administrative measures
Ø We create awareness by informing our employees on technical and administrative risks related to hiding of personal data,

Ø In case cooperation is made with third persons for hiding of personal data, in contracts placed with companies, which personal data are transferred, we give place to provisions to take necessary security measures for protection and securely hiding of the transferred personal data of the persons, whose personal values are transferred.

10. SECURITY OF PERSONAL DATA

10.1. Our obligations for security of personal data
We take administrative and technical measures according to technologic possibilities and implementation costs to;

Ø Prevent the personal data to be processed illegally,

Ø Prevent the personal data to accesses illegally,

Ø Ro provide them to be hidden in compliance with law,

10.2. Measures we take for preventing the personal data to be processed as contrary to law
Ø We make and get done the necessary controls in our company,

Ø We train and inform our employees about processing of personal data in compliance with law,

Ø Activities, which our company executes, are evaluated in details at specific of all business units and personal data are processed at specific of all commercial activities realized by relevant units as a result of said evaluation,

Ø In case cooperation is made with third persons for processing of personal data, in contracts placed with companies processing the personal data; we give place to provisions for persons processing personal data to take necessary security measures,

Ø In case personal data are disclosed as contrary to law or there is data leakage, we notify this to KVK Board, we make necessary investigations foreseen by legislation on this subject and we take the measures.

10.2.1. Technical and administrative data to prevent the access being contrary to law
In order to prevent the access of personal data being contrary to law;

Ø We employ employee having technical expertise,

Ø We update and renew the technical measures periodically,

Ø We form access authorization procedures in our company,

Ø We determine the procedures for reporting of control processes and technical measure we have taken,

Ø We form the data recording system, which is used in our company, in compliance with law and we make controls periodically,

Ø We form emergency aid plans against risks, which may occur, and we develop systems for implementation of these,

Ø Our employees are trained and informed on authorization and access to personal data,

Ø In case cooperation is made with third persons for purpose of activities of processing and hiding of personal data, in contracts placed with companies providing access to personal data; we give place to provisions for persons processing personal data to take necessary security measures,

Ø We install security systems within technologic developments to ensure preventing the illegal access to personal data.

10.2.2. Measures we take in case personal data are disclosed illegally
We take administrative and technical measures towards illegal disclosure of personal data and we update our relevant procedures compliantly. In case we determine that personal data are disclosed in unauthorized way, we create systems and infrastructures to notify this situation to Relevant Person and KVK Board

In case illegal disclosure is realized although all administrative and technical measures taken, in case deemed necessary by KVK Board, this situation may be announced at website of KVK Board or with another method.

11. RIGHTS OF PERSONAL DATA OWNER
Within scope of our enlightening obligation, we inform Personal Data Owner and we install systems and infrastructures for this informing. We make technical and administrative arrangements required for Personal Data Owner to use his rights for his personal data.

Personal Data Owner, on personal data, has rights to;

Ø Learn whether personal date are processed or not,

Ø Request information for this if personal data are processed,

Ø Learn the personal data processing purpose and whether these are used in compliance with their purpose or not,

Ø Know third persons which personal data are transferred domestically and abroad,

Ø Ask for these to be corrected if personal data have been processed incompletely or wrongly,

Ø Ask for personal data to be deleted or removed in case the reasons requiring personal value to be processed,

Ø Ask for the abovementioned correction, deletion or removal procedures to be notified to third persons, which personal data are transferred,

Ø Object the unfavorable result arising by analysis of processed data by means of automatic systems exclusively,

Ø Request the recovery of losses in case he incurs loss due to illegal processing of personal data.

11.1. Use of rights related to personal data
Personal data owner may send his request related to his personal data with this method in case different method is determined by KVK Board and to the address of 100. Yıl Mahallesi, Doğan TV Center, Bağcılar/ İstanbul in writing and as signed.

At application, which Personal Data Owner will make for using the abovementioned rights and includes the explanations related to right, which he requests to use; the subject requested should be clear and understandable, the requested subject should be related to applicant or should be authorized especially on this subject if acted in the name of other and this authorization should be documented and furthermore, application should include the identity and address information documents certifying the identity should be attached in application.

The said requests shall be made individually and the requests, which third persons make in relation with personal data, shall not be taken into evaluation. In case Relevant Person is under 18 years old, parent or legal representative of Relevant Person may use the said rights in the name of Relevant Person. In this case, documents certifying the identity of Relevant Person and identity information of parent or legal representative should be attached in application.

11.2. Evaluation of application

11.2.1. Time for replying the application
Requests for personal data are concluded free of charge within shortest time according to nature of request and within maximum 30 (thirty) days. But, in case procedure required cost, fee at tariff determined by KVK Board may be taken.

During application or while application is evaluated, requesting additional information and document may be in question.

11.2.2. Our right to reject the application
Applications related to personal data are rejected by explaining non-acceptance reason, in cases, but not limited to those listed;

Ø Personal data are processed for purposes such as research, planning and statistics by anonymizing with official statistics,

Ø Personal data are processed within scope of art, history, literature or scientific purposes or freedom of expression provided they do not violate the privacy of private life or the personal rights or they do not constitute a crime,

Ø Personal data publicized by Personal Data Owner are processed,

Ø Application does not based on justification,

Ø Application includes a request contrary to relevant legislation,

Ø Application procedure is complied.

11.3. Evaluation procedure of application
In order for the reply time specified in article 11.2.1 of this Policy to be able to start, the requests made should be sent in writing and as originally signed or electronically signed and via e-mail address dtv@hs02.kep.tr or with other methods, which KVK Board determined, together with information and documents certifying the identity of applicant.

If request is accepted, the relevant procedure is applied and notification is made at written or electronic media. In the event of rejection of request, it is notified to applicant at written or electronic media by explaining its reason.

11.4. Right for complaint to Personal Data Protection Data
In cases the application is rejected, response, which we give to application, is found insufficient or it is not replied within its time; applicant has right to complain to KVK Board within 30 (thirty) days after he learns the response and within 60 (sixty) days after application date in any case.

12. PUBLICATION AND HIDING OF DOCUMENT
This Policy is hidden at two different media being paper and electronic media.

Updated version of documents is available in organization portal and website.

Originally signed copies are hidden by Financial and Administrative Affairs Directorate and when required, they are disposed by Legal Group Department with the written approval of Department Manager.

13. UPDATING PERIOD
This Policy is reviewed at least once in a year and updated in case needed.

14. EFFECTIVITY
This policy enters into force at the date of acceptance of Executive Board.

15. ABOLISHMENT
In case decided to be abolished, the originally signed old copies of this Policy are signed by being cancelled (by stamping cancellation cachet or by writing cancelled) by Legal Group Department with the written approval of Department Manager and are hidden by Financial and Administrative Affairs Directorate.