WEBSITEPRIVACY STATEMENT

Our Identity as Data Controller

REACHGlobal Services S.A.   (RGS) is a professional regulatory consultingcompany advising clients in the chemicals and cosmetics industries to complywith European Union and Turkish Republic chemicals legislation. RGS SA isheadquartered in Brussels, Belgium and has a strong market presence in Turkeywith an office in Istanbul. Our two locations are ideal for maintaining closecontact and excellent communication with our clients, especially our Turkishchemical industry clients, but also ensuring proximity to the European UnionCommission and CEFIC (European Chemicals Federation) and Cosmetics Europe, allbased in Brussels .

Contact:

RGS -Belgium
Reach Global Services SA,Rond Point Schuman, 6 Box 5
B-1040 Bruxelles / Belgium
Phone: +32 (2) 234 77 78  Fax: +32 (2) 234 79 11
E-mail: info@reach-gs.eu

RGS -Turkey
DisTicaret Kompleksi, A-Blok Çobançesme Mevkii
Sanayi Caddesi 34197 Yenibosna - Istanbul / Türkiye
Phone: +90 (212) 454 09 93  Fax: +90 (212) 454 00 99

This privacy statement provides an overview ofthe processing of our website and is intended for all customers and visitorssurfing on our website.

Every Access to Web Site

VGS System Login

Cookies

In particular, the following data are stored about every access/retrieval:

·          anonymised IP address

·          the operating system used,

·          the device used,

·          the country of origin from where the access was made,

·          date and time

·          accessed page/name of the retrieved file

·          the volume of transferred data

·          notification whether the access/retrieval was successful

If you use VGS System on your visit, the following data are stored:

·          User name/Password

·          IP Adress

·          Activity when you are on VGS

·          Activity date and Time

·          If you do any payment, your credit card data

Cookies

·          Essential Cookies are necessary for the website to function properly and you cannot refuse.

·          Functional Cookies are only placed after you have made a choice.

·          Analytical Cookies and Advertising Cookies on the other hand, are not mandatory. These cookies are only placed if you choose to do so.

You can check our cookie policy for further information about cookies.

Your personal data is processed forthe purpose of;

·         enteringinto a contract with you,

·         performingour contract,

·         ensuringcustomer satisfaction,

·         maintainingour commercial reputation,

·         resolvingdisputes,

·         preventingfraud (monitoring and control of our systems, credit card payments, determiningthe validity of your card)

·         businessperformance and development,

·         thesafety and security of our employees and guests, monitoring food safety andcleanliness, monitoring any accidents and undesirable situations, preventing crimeand detecting crime (using security cameras and call recording system)

·         marketingof our products and services,

·         conductingour business in accordance with the legal regulations.

Lawfulness, fairness and transparency: We process your personaldata lawfully, fairly and in a transparent manner.

Purpose limitation: We collect your personal datafor specified, explicit and legitimate purposes and not further processed in amanner that is incompatible with those purposes

Data minimisation: Personal data is alladequate, relevant and limited to what is necessary in relation to the purposesfor which they are processed.

Accuracy: Personal data is all accurate and,where necessary, kept up to date and that reasonable steps will be taken toensure that personal data that are inaccurate, having regard to the purposesfor which they are processed, are erased or rectified without delay.

Storage limitation: We keep your personaldata in a form which permits identification of data subjects for no longer thanis necessary for the purposes for which the personal data are processed

Integrity and confidentiality: We process your personaldata in a manner that ensures appropriate security of the personal data byusing appropriate technical or organisational measures including protectionagainst unauthorised or unlawful processing and against accidental loss,destruction or damage.

Accountability: We are responsible for,and are able to demonstrate compliance with all principles above.

Terms of Processing of Personal Data and Our Purposes for Data Processingin Accordance with Them

Personal data may be processed inorder to meet legal obligations. In this context, your personal data isprocessed in order to fulfil our legal obligations.

Personal data may be processed if processingis necessary for the performance of a contract to which the data subject isparty or in order to take steps at the request of the data subject prior toentering into a contract;

Personal data may be processed forour legitimate interests, if it does not harm your fundamental rights andfreedoms.

On this website we do not process anypersonal data.

In accordance with the terms ofprocessing of personal data and our purposes of processing data above, yourpersonal data is transferred to;

Authorized public institutions tofulfil our duties in accordance with our contract with you as OnlyRepresentative.

Authorized public institutions andsecurity forces to fulfil our legal obligations, as stipulated by law,

Our suppliers and other real personsand private legal entities in order to continue our commercial activities, tofulfill the requirements of our contracts and to protect our legitimateinterests. The main ones are; our processors who are responsible for our ICTinfrastructure, payment providers, IT service providers, legal serviceproviders.

In accordance with GDPR, we transferyour data to outside the European Economic Area only if one of the conditionsbelow is met:

·          If thecountry we transfer your data has adequate protection due to European Comissiondecision.

·          If thecontroller or processor has provided appropriate safeguards, and on conditionthat enforceable data subject rights and effective legal remedies for datasubjects are available. These safe guards are provided by

•    standarddata protection clauses adopted by the Commission in accordance with theexamination procedure referred to in Article 93(2) of GDPR;

•    bindingcorporate rules in accordance with Article 47 of GDPR;

•    alegally binding and enforceable instrument between public authorities orbodies;

RGS SA may need to send personal dataof customer employees in order to perform the contract signed between them inaccordance with Art.49 Sec. 1 lit. b GDPR.

RGS takes all kinds of administrativeand technical measures to ensure the security of your personal data under aninformation security management system application. As administrative measures;

•   Personal data securitypolicies and procedures have been established, monitoring of personal datasecurity is carried out by senior management,

•   Personal data is notprocessed except for its purpose, personal data is minimized as much aspossible,

•   An authorization matrixhas been established for employees,

•   Confidentiality commitmentsare made with employees,

•   Contracts signed withsuppliers and other persons transferred data include data security provisions,

•   Necessary securitymeasures are taken regarding entry and exit to physical environments containingpersonal data,

•   Physical environmentscontaining personal data are provided for safety against external risks (fire,flood, etc.).

As technical measures;

•   Cyber security is seen asa whole and digital environments that contain physical infrastructures, applicationsand information are constantly monitored,

•   Intrusion detection andprevention systems are used,

•   User account management andauthorization control system is applied,

•   Firewalls are used,

•   Current anti-virus software is used,

•   Access logs to informationsystems are kept in such a way that there is no user intervention,

•   Personal data is backed up andstored, and they are secured.

You have the right to withdraw anyexplicit consent we receive from you regarding our data processing purposesthat require your explicit consent. In addition, within the scope of the rightsgranted to you by the legal regulations, you have the right;

•   to find out if yourpersonal data has been processed, to request information if your personal datahas been processed,

•   to find out the purposefor which your personal data is processed and whether it is being used inaccordance with its purpose,

•   to know the third partiesto whom your personal data is transferred at home or abroad,

•   request that your personaldata be corrected if your personal data is incomplete or improperly processed,request that they be deleted or destroyed in accordance with the terms setforth in the Act, and request that such transactions be reported to thirdparties to whom your personal data is transferred,

•   object to an outcomeagainst you by analysing your processed data, especially through automatedsystems,

•   to claim damages if yousuffer losses due to unlawful processing of your personal data.

We have taken every precaution tomake your rights available. However, in accordance with the Rescript on theProcedures and Principles of Applying to the Data Officer published by thePersonal Data Protection Board, it was deemed mandatory to have the followinginformation in your application:

  • name, surname and signature if the application is written,
  • nationality, ID Card Number, passport number or if any identification number
  • principal settlement or if any workplace address of notification
  • if any e-mail to the notification address, phone and fax number,
  • subject to request.

You can prepare a petition containingthe above information yourself, or you can exercise your rights by using theapplication form you will obtain from our website of www.reach-gs.eu

Applications that do not containincomplete information will be finalised in accordance with the law and therules of honesty, not exceeding 30 days. If there is incomplete information inthe application, additional information will be requested from you and yourapplication will be answered.

It is possible to submit yourapplication by choosing one of the following 5 methods.

Applying in person: You can apply at ouraddresses above in person by verifying your identity or by submitting a proxy.The application may also be with an application form or a petition, but must besigned wet.

Application by Mail: You can apply by postinga wet signed application form or petition to the address above. If theapplication was made through a proxy, the original document of attorney mustalso be placed in the envelope.

Application by Notary: You can apply to theaddresses above in person or through the proxy through the notary. In thisapplication, it should be specified by which method the answer is requested.

Application via Registered ElectronicMail (KEP): You can apply by email to ..... Unless otherwise stated, the answer willstill be sent to your KEP address. reachglobal@hs01.kep.tr

Application by e-mail: If your e-mail addresshas been processed by us before, the application can also be done by e-mail toour e-mail address of kvkk@reach-gs.eu

The answer to the application is doneby the method used in the application unless otherwise stated. If you request,a reply can be sent with any of the above methods.

Applications are free of charge.However, if we need a cost to respond, a fee may be charged according to thetariff set by the Personal Data Protection Board. According to the request, ifit is understood that there was a fault of RGS SA, the fee will be refunded.