Customer Clarification Text

1. Preface

Rhodium Mağazacılık ve Dış Ticaret Anonim Şirketi (“Rhodium” or Company), attaches importance to the protection of your personal data. In this context, this clarification text informs you that your personal data may be processed in accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK” or “Law”) and explains the rights you have.

You can find detailed information about the purposes of processing your personal data by our Company in the Privacy and Cookie Policy and Customer Clarification Text available at www.rhodium.com.tr.

2. Data Controller

Rhodium, as the data controller, will process your personal data within the scope described below and within the limits stipulated by the relevant legislation.

Rhodium may, from time to time, amend this clarification text. In the event of any changes, you will be notified by updating the date of the last revision on this document. Therefore, we advise you to review the Customer Clarification Text on our website prior to engaging in any actions or transactions on our site.

3. Personal Data We Process

‍‍We process your personal data that you provide to us or that we obtain by automatic or non-automatic means or that we receive from other third parties, which we group as follows:

When you visit our website;

• Technical Information: Internet Protocol (IP) address, login data, browser type and version, time zone settings and location, browser plugin types and versions, operating system and platform, and other technologies on the devices used to access this website, as well as information about how you use our website, etc.
• Marketing and Contact Information: Your preferences regarding our products and services, cookies if you give your consent (we may use cookies and other tracking technologies during your interaction with the website to collect information about you. This information helps us determine your preferences, identify your interest in certain brands or products, and analyze how you interact with specific content. This information may be collected regardless of whether you log into a membership session on the website, and can be matched across devices used. For further information on cookies and how to delete them, please read the Rhodium Privacy and Cookie Policy).

When you contact us through various communication channels, when you submit your requests and complaints to us, when you request customer support, or when you contact us through Rhodium accounts on third-party social media networks;

• Identity Information: Your name and surname. This information is necessary to identify you when you use any of our services.
• Contact Information: Your email address, mobile phone number, communication history information (we store information about the history of our relationship with you when you contact our call centre or make a request).
• Matters stated in your request or complaint
• Audio Records: When you call our call centre, your conversations (your voice) will be recorded for the purpose of improving our service quality, managing your request, and archiving as evidence. You will be notified of this by voice message before being connected to a customer representative. If you do not wish for your phone conversations (your voice) to be recorded, you can always reach us through other channels.

When you consent to receiving commercial electronic communications from us;

• Contact Information: Your email address, your mobile phone number.
• Marketing Information: If you wish to share, your favourite products, your responses to our survey questions, your preferences regarding our products and services, and if you consent, cookies (we may use cookies and other tracking technologies during your interaction with the email messages we send to collect information about you. This information helps us determine your preferences, identify your interest in specific brands or products, and analyse how you interact with particular content. This information may be collected regardless of whether you log into a membership session on the website, and can be matched across devices used. For further information on cookies and how to delete them, please read the Rhodium Privacy and Cookie Policy).

When you register on our website;

• Identity Information: Your name and surname, date of birth, gender. This information is necessary to identify you when using any of our services.
• Contact Information: Your email address, mobile phone number, communication methods, delivery and billing address.
• Transaction Security: The membership password you choose, your login and logout records on the website.
• Customer Transaction Information: Your order, order cancellation, delivery information, return and order history (we collect information about your order history, such as order transactions, and also store information such as product details, and the date of delivery or return when you purchase or return a product). Additionally, if you make a purchase by logging in as a member, your personal data mentioned under the section "When you make a purchase or request a service" will also be processed.
• Marketing Information: Your favorite products, preferences regarding our products and services.

When you make a purchase or request a service;

• Identity Information: Your name and surname. This information is necessary to identify you when using any of our services.
• Contact Information: Your email address, mobile phone number, delivery (when making a purchase on our website) and/or billing address.
• Customer Transaction Information: Your order, order cancellation, delivery information, return, preferred courier company (when making a purchase on our website), billing and payment method information, order history (we collect information regarding order transactions and the location of the purchase, etc.; we also store information such as product details and the date and place of the purchase or return when you buy or return a product).
• Transaction Security (when making a purchase on our website):Information on the device used (as part of our measures to combat internet fraud for the prevention and management of payment issues), information on the device used to complete the order (in particular the operating system used, the location of the device, whether a proxy server was used, etc.) is automatically collected with your explicit consent and used to analyze your transactions in order to detect fraudulent activity and prevent unpaid amounts. This information may be sent to judicial authorities and legally authorized third parties solely for the purpose of identifying the buyer's identity, verifying the order's validity, the payment method used, and the planned delivery details. You may refuse to provide explicit consent or withdraw your consent at any time by following the methods set out in the Rhodium Privacy and Cookie Policy section.
• If you make your payment via credit card/bank card or bank transfer, your card information is not stored by our Company and is directly transferred to the relevant payment service provider.

We may obtain your personal data from sources other than those mentioned above, such as third-party business partners you have contacted, and link it with the data we have collected about you, in cases where you have permitted your personal data to be shared with third parties for direct marketing or targeted advertising purposes.

We do not collect any sensitive personal data about you (Sensitive personal data includes information about a person’s race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance and attire, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data).

Your personal data will be stored in accordance with the periods specified in the relevant legislation.

4. Purpose of Processing Your Personal Data

‍The personal data collected will be processed in accordance with the basic principles set forth in the Law, for the purposes listed below ("Purposes") and within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law:

To enhance your experience of benefiting from the products or services provided by our Company

• To carry out the sale and performance of the products and services you requested from the website or a Rhodium store, to execute the processes of contracting related to product sales and service performance, to handle order delivery and invoice preparation, and to manage online payment processes, fraud and payment issues;
• To manage customer relations and evaluate requests and complaints (we may use your personal data to communicate with you, respond to your questions, and manage your requests (requests made via call centre or email)). In cases of telephone communication, Rhodium records customer calls to improve service quality, manage customer requests, and archive them as evidence);
• To ensure smooth navigation on our website and to enhance the user experience;
• To complete the membership process on our website, membership inquiry, changes/updates to your membership information, and sending confirmation codes, as well as enabling you to benefit from the advantages offered through your membership on our website.

In the presence of your explicit consent, within the scope of recommending products and services to you by customising them according to your tastes, usage habits and needs;

• Customizing the products and services provided by our Company according to your preferences, usage habits, and needs, and managing the comments you have shared regarding the products.
• Sending advertisements, promotions, campaigns, and other commercial electronic communications to the contact details you have provided.

For the purpose of carrying out the commercial activities conducted by our Company,

• Managing accounting and financial processes,
• Managing information security processes,
• Fulfilling our obligations arising from legislation
• Providing information and documents to authorized public institutions, organizations, and private individuals, as well as judicial and law enforcement authorities, and fulfilling other legal obligations.

5. Persons to Whom We Transfer Your Personal Data and Purposes of Transfer

‍We may transfer the personal data we collect to our suppliers, contracted courier companies, payment providers, banks, business partners, consultants, and authorized public institutions, in accordance with the conditions set forth in Articles 8 and 9 of the KVKK, for the purpose of determining and developing our commercial strategies and improving our customer services. Transfers to individuals outside the Republic of Türkiye will be carried out in compliance with the conditions outlined in the Law and other relevant legislation. It is also possible to make transfers in accordance with the relevant legislation to fulfill our obligations towards public authorities.

Additionally, if you give your consent, we may share your personal data with third parties, ensuring compliance with the provisions and conditions of the KVKK. In all cases, we require that all third parties evaluate your personal data in accordance with the legislation and respect the security of your data. We do not allow third-party service providers to use your personal data for their own purposes; we only permit them to process your data for the purposes specified by us, within the framework of our instructions.

6. Methods of Collecting Your Personal Data and Legal Grounds

In order to ensure that you benefit from the products and services offered by our Company, your personal data will be collected in electronic environment through our Company's website and social media accounts, e-mail, telephone, SMS, call centre; in physical environment through mail, our stores and printed and online forms used for our products or services in case of contact with our Company. Your personal data are processed for the following legal reasons in accordance with Article 5 of the Law.

Based on the legal reason that data processing is mandatory for the legitimate interests of the Company;

• Customer relationship management and evaluation of requests and complaints,
• Management of accounting and financial processes,
• Management of information security processes,

Based on the legal ground that the processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract;

• Management of the sales, order delivery and contract processes of the products and services you have requested online or from a Rhodium store, invoice issuance, management of online payment processes, payment fraud and payment problems,
• Realisation of your website membership, including membership inquiry, changes/updates to your membership information, sending confirmation codes, and enabling you to benefit from the advantages offered through your membership on the website

Based on the legal ground related to the legal obligations of the Company;

• Fulfilment of our obligations arising from the legislation
• Providing information and documents to authorized public institutions, organizations, and private individuals, as well as judicial and law enforcement authorities, and fulfilling other legal obligations.

Or, if based on your explicit consent, your personal data may be processed within the following scope;

• Customisation of the products and services offered by our company according to your likes, usage habits and needs, management of the comments you have shared regarding the products
• Sending advertisements, promotions, campaigns and similar commercial electronic messages to your specified contact information
• Ensuring smooth navigation on our website and improving the user experience (Generally, you may browse the website without sharing any data that can identify you. However, in order to ensure the security of the website and our services and to personalise the online user experience, cookie information is automatically collected on the website if you give your consent (Please read the Rhodium Privacy and Cookie Policy to learn more about cookies and how to delete cookies),

7. Your Rights as a Data Owner

As a data owner, if you submit your requests regarding your rights through the methods outlined below, we will respond to your request as quickly as possible and no later than 30 (thirty) days, free of charge, depending on the nature of your request. However, if the process requires an additional cost, the fee specified in the tariff determined by the Personal Data Protection Board will be applied. In this context, under Article 11 of the KVKK, as a data owner, you have the right to;

• To learn whether your personal data is being processed,
• To request information if your personal data has been processed,
• To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
• To know the third parties to whom your personal data is transferred domestically or abroad,
• To request correction of your personal data in case of incomplete or incorrect processing,
• To request the deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
• To request notification of the transactions made pursuant to the previous two subparagraphs to third parties to whom your personal data have been transferred,
• To object to the emergence of a result against you by analysing your processed data exclusively through automated systems,
• To request compensation if you suffer damage due to the unlawful processing of your personal data,

In accordance with Article 13 of the KVKK, in order to exercise the above-mentioned rights, you may submit your request in writing, including your name, surname, Turkish Republic identity number for Turkish citizens; nationality, passport number, or identification number for foreign nationals; address, email address, phone and fax numbers, and the subject of your request, via the methods listed below, or you may contact us through our call centre:

8. Data Security

‍On our website, we take all necessary technical and administrative measures to ensure an adequate level of security to prevent the unlawful processing, access, alteration, and disclosure of personal data, and to ensure the retention and security of personal data. In addition, we have restricted access to your personal data by employees, representatives, business partners, and other third parties who require access to your data to fulfill their obligations, ensuring that they process your personal data only for the purposes specified in our instructions. We regularly review our security policies and procedures to ensure that our systems remain secure and protected.

9. Commercial Electronic Communications

‍You may request at any time the cessation of all commercial electronic communications we send for marketing/promotion purposes. To do so, you may use the links provided in the commercial electronic communications we send, or contact us through the communication addresses listed above

DATE: 13-07-2025