Privacy Policy - Personal Data Processing Disclosure

The company processing your personal data as "data controller" under KVKK: Yemap Teknoloji ve Gıda Sanayi ve Dış Ticaret A.Ş. Address: ATAKÖY 7-8-9-10. KISIM MAH. ÇOBANÇEŞME E-5 YAN YOL CAD. A NO: 22 /1 İÇ KAPI NO: 30 BAKIRKÖY / İSTANBUL In this text, it will be referred to as "Yerinde" or "Company".

1. Identity Information

a. Name, surname b. Date of birth or age information (if requested) c. Your membership profile information

2. Contact Information

a. Mobile phone number b. Email address c. Your preferred language and notification preferences

3. Membership and Account Information

a. Username / profile information b. Membership start/end dates c. Membership type (free period, monthly subscription, etc.) d. Your account status, membership cancellation/suspension records

4. Transaction and Reservation Information

a. Restaurants where you made reservations, date, time, number of people b. Reservation confirmation, cancellation, no-show records c. Usage statistics related to reservations d. Discount rates and savings ("saved") amounts applied to relevant reservations

5. Financial and Payment Information

a. Subscription plan, subscription start and renewal dates b. Payment method information (whether credit/debit card, installment information, etc.) c. Payment transaction date, amount, currency d. Invoice information (name-surname, tax office/tax number, invoice address, etc., if you request an invoice) e. Your credit/debit card information is processed through token/masking method via the payment service provider contracted with the Company; Yerinde does not store your complete card number in its systems.

6. Location and Usage Data

a. City/region information you share while using the application b. Approximate location data if you grant permission from your device c. Your in-app behavior (visited pages, clicked areas, viewed restaurants, etc.)

7. Technical and Log Records

a. IP address b. Device type, operating system, browser information c. Usage time, session duration d. Error logs and performance logs

8. Request/Complaint and Communication Records

a. Content of your applications made through email, contact form, call center, or in-app support channels with Yerinde b. Transaction records related to your requests/complaints

9. Marketing and Consent-Based Data

a. Your commercial electronic message permission status b. Your campaign/offer preferences c. Your responses given within the scope of surveys or satisfaction studies d. If you have given explicit consent, your transaction/time/preference data to enable us to generate customized campaign suggestions according to your profile.

Your personal data is processed for the following purposes within the framework of legal reasons specified in Articles 5 and 6 of KVKK:

3.1. Service Provision and Membership Relationship Management

• Creation of your membership registration and management of your account through the Yerinde mobile application and website • Operation of the free period, trial periods, and the monthly subscription model that will take effect afterwards • Tracking of your subscription plans, management of renewal/cancellation transactions • Enabling you to create, view, and manage reservations at restaurants and other businesses • Tracking of your reservation statuses (confirmation, cancellation, no-show) • Execution of discounted dine-in processes related to reservations • Operation of all other functions offered through the Platform (favorite listing, past transactions, etc.)

3.2. Execution of Payment and Subscription Processes

• Execution of payment transactions related to monthly subscription and similar paid services • Providing the necessary technical and financial integration with payment service providers • Execution of billing processes (e-invoice, e-archive operations if any) • Payment disputes, refund processes, and keeping financial records

3.3. Customer Relations, Communication and Support

• Receiving, evaluating, and finalizing requests and complaints • Sending information messages related to membership and reservation transactions (e.g., reservation confirmation, changes, cancellation, payment reminders, etc.) • Contacting you when necessary (no-show situations, extraordinary situations, system changes, etc.)

3.4. Product and Service Development, Analysis and Reporting

• Analysis of your Platform usage habits (which restaurants are of interest, which hours are preferred, etc.) • Improvement of our service quality, improvement of user experience • Preparation of statistical reports and performance measurements related to Yerinde's business model • Anonymized analysis of data such as occupancy, demand intensity, savings amounts from reservation and discount data

3.5. Marketing, Campaign and Commercial Communication (With Explicit Consent)

• If you give explicit consent; promotion of special campaigns, discounts, and opportunities for you • Making restaurant/offer suggestions suitable for your profile (personalized marketing) • Sending commercial electronic messages through channels such as email, SMS, push notification • Measuring campaign performances, conducting feedback and satisfaction studies

3.6. Fulfillment of Legal Obligations and Dispute Management

• Keeping financial records, fulfilling audit and reporting obligations within the scope of relevant legislation • Meeting information requests from authorized institutions and organizations • Using evidence and records in case of possible disputes, legal processes, or official applications • Fulfillment of KVKK, tax legislation, consumer legislation, and other legal obligations

Your personal data is processed based on the following legal reasons:

KVKK Art.5/2 (c) – Establishment or performance of a contract

Processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract: • Establishment and performance of the membership agreement • Creation and execution of reservations • Execution of subscription and payment transactions

KVKK Art.5/2 (ç) – Legal obligation

It is mandatory for the data controller to fulfill its legal obligation: • Keeping financial records, issuing invoices • Information storage and sharing obligations within the framework of relevant legislation

KVKK Art.5/2 (f) – Legitimate interest

Processing of data is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject: • Ensuring the security of the Platform • Service improvement, development, and performance analysis • Tracking no-show behaviors, preventing abuse • Creating anonymized statistical data

KVKK Art.5/1 and Art.6 – Explicit consent

Having your explicit consent: • Sending commercial electronic messages (campaigns, advertisements, special offers, etc.) • Location-based recommendations and personalized marketing activities • Some special category data processing activities if deemed necessary (with explicit consent)

Your personal data is collected through the following methods, automatically or partially automatically: • Information you enter when creating a membership registration through the Yerinde website and mobile application • Data you provide during your reservation, subscription, and payment transactions • Log and transaction records generated during your use through the application and web interface • Support requests, emails, contact forms, and call center conversations • Confirmation and usage information related to your reservations transmitted by businesses to Yerinde (e.g., no-show situations) • Cookies and similar tracking technologies (details are provided separately in the Cookie Policy)

Your personal data may be transferred to the following recipient groups in accordance with KVKK and relevant legislation:

1. Businesses / Restaurants

a. For processing, confirming your reservations, and performing the service; b. Your name, surname, reservation date/time/number of people, contact information, reservation notes may be shared with the Business.

2. Payment Institutions and Financial Institutions

a. For the execution of subscription and other payment transactions; b. Limited and necessary data such as payment amount, transaction time, card type may be transferred to the contracted payment service provider. Your card information is processed directly by the payment institution and Yerinde does not have full access to this information.

3. Service Providers and Business Partners

a. Third parties providing information technology infrastructure, hosting services, SMS/email sending services, call center services, customer relations, and analytical solutions b. These persons and organizations can access data only to the extent necessary to provide the relevant service and within contractual limitations.

4. Authorized Institutions and Organizations

a. Data transfer may be made to relevant official institutions and organizations in accordance with court decisions and administrative requests for the purpose of fulfilling our legal obligations.

Some information technology infrastructures, email service providers, or cloud-based services used by the Company may be of foreign origin. In this context, when your personal data is transferred abroad: • KVKK Article 9 provisions are followed, • Transfer is made within the framework of countries with adequate protection announced by the Personal Data Protection Board or commitments signed with data controllers in relevant countries and Board permission in case of inadequate protection, • Your explicit consent is obtained when necessary. When overseas transfer is in question, you will be informed separately if you request up-to-date information.

Your personal data is stored considering; • Periods stipulated in relevant legislation, • Periods required by the purposes specified in this Disclosure Text, • Legitimate interests of the data controller and legal statute of limitations and is deleted, destroyed, or anonymized in accordance with KVKK and relevant legislation when these periods expire. For example: • Membership information, during your membership period and during the relevant statute of limitations after membership ends, • Financial records, for the periods stipulated in tax and commercial legislation, • Reservation data may be stored for reasonable periods in line with dispute and statistical analysis needs.

Pursuant to Article 11 of KVKK, as a data subject, you have the following rights by applying to Yerinde: 1. Learning whether your personal data is processed, 2. Requesting information about it if your personal data has been processed, 3. Learning the purpose of processing your personal data and whether they are used in accordance with their purpose, 4. Knowing the third parties to whom your personal data is transferred domestically or abroad, 5. Requesting correction if your personal data has been processed incompletely or incorrectly, 6. Requesting deletion or destruction in accordance with KVKK and relevant legislation provisions, 7. Requesting that correction, deletion, or destruction requests be notified to third parties to whom your personal data has been transferred, 8. Objecting to the emergence of a result against you through analysis of processed data exclusively by automatic systems, 9. Requesting compensation for damages if you suffer damage due to unlawful processing of your personal data.

You can submit your requests regarding your rights; • In writing, with a wet-signed petition to the Company address, • Through registered electronic mail (KEP) address, secure electronic signature, mobile signature, or other methods specified in KVKK, • Through other application channels that the Company will announce in the future and are compliant with KVKK Your applications will be finalized within 30 days at the latest in accordance with KVKK and relevant legislation. If the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board may be requested.

Yerinde reserves the right to make changes to this Disclosure Text in line with legal and operational requirements. The current text becomes effective from the moment it is published on the Platform.