1. Data Protection Statement for Alotech Group of Companies

The controllers as per the EU General Data Protection Regulation (“GDPR”) are: Alotech Group of Companies: Locations: TURKEY ALOTECH İLETİŞİM TEKNOLOJİLERİ TİC. A.Ş / TURKEY (Head Quarter) Dumlupınar Mahallesi Yumurtacı Abdi Bey Caddesi Nuhoğlu Yenitepe Projesi No:4 A Blok Daire 207, 34720 Kadıköy/İstanbul, Turkey Website: https://alotech.com.tr E-Mail: [email protected] General Manager: Mr. Cenk SOYAK ALOTECH İLETİŞİM TEKNOLOJİLERİ TİC. A.Ş (Technopark Office – Branch office) YTÜ Davutpaşa Kampüsü Teknoloji Geliştirme Bölgesi Ar-Ge 1 Binası, B Blok Zemin Kat No: 2 Esenler, 34220 İstanbul, Türkiye Website: https://alotech.com.tr E-Mail: [email protected] Locations: United States of America (Subsidiary Office of ALOTECH İLETİŞİM TEKNOLOJİLERİ TİC. A.Ş) betterinvestor, Inc. 651 N Broad Street, Suite 206 Middletown, 19709, New Castle Website: https://betterinvestor.org E-Mail: [email protected] General Manager: Mr. Cenk SOYAK betterinvestor, Inc. (Branch Office) 1 East Erie St. Suite 525 PMB 4651, Chicago, IL, 60611 Website: https://betterinvestor.org E-Mail: [email protected] Representative of betterinvestor Inc.: Representative of betterinvestor S.R.L: Mr. Bektaş Doğan Bucharest Sector 4, Strada PANSELELOR, No. 6, O CAMERĂ, Block 142, Staircase 2, Floor 4, Apt. 76, Bucharest, Romania Website: https://callcenterstudio.ro E-Mail: [email protected] Trade Register: J40/15090/2021

2. What is GDPR (General Data Protection Regulation)

The General Data Protection Regulation (GDPR) was approved by the European Commission (EC) on 27 April 2016 and becomes law on 25 May 2018. It replaces the previous European Commission legislation which dealt with data protection, which was the Data Protection Directive of 1995, and one of the major differences between the GDPR and the previous law is that the GDPR is a Regulation rather than a Directive. This means that it automatically becomes law in each of the countries that make up the European Union without each of these countries needing to create their own, individual laws (in contrast with the previous Directive where, in each of the member states, a separate Data Protection Act had to be passed by the relevant state legislative body to enact it).

• Recitals – 173 numbered paragraphs that lay out the principles and intentions of the Regulation; if you like, the background. (The Recitals are important because they provide additional details and insight into the purpose and functions of the Articles.)

• Articles – the 99 sections that set out the detail of the Regulation – this is the part that must be complied with.

• Leading on from this, it means that if your organization doesn’t look after that data in the way the GDPR requires, your organization may be subject to the penalties that the Regulation allows.

• But the mainstay of what the GDPR is about is forcing organizations to take the protection of the personal data of EU citizens seriously.

2.1.Aim and Scope of our Policy

We hereby thank and appreciate you for visiting our website and your interest in our services we offer all around the world including EU, US, Middle East & APAC. The websites and our unique offerings are designed and done available by the companies in Alotech group of companies as mentioned above.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.2. Personal Data

Personal Data: Any kind of information can be personal data provided that it relates to an identified or identifiable person. Personal data covers information pertaining to the private life of a person, which also includes professional activities, as well as information about his or her public life. Under EU law, information contains data about a person if

• an individual is identified or identifiable by this information; or

• an individual, although not identified, can be singled out by this information in a way which makes it possible to find out who the data subject is by conducting further research.

2.3. Data Subject

Data Subject: Under EU law, natural persons are the only beneficiaries of data protection rules (Article 1) and only living beings are protected under European data protection law (Recital 27. See also Article 29 Working Party (2007), Opinion 4/2007 on the concept of personal data, WP 136, 20 June 2007, p. 22.) The General Data Protection Regulation (GDPR) defines personal data as any information relating to an identified or identifiable natural person.

2.4. Data Subject Rights

Data subjects shall have the right to access their own data and obtain certain information about the processing. they have their data rectified by the controller processing their data. If the data are inaccurate, the controller erase their data, as appropriate, if the controller is processing their data illegally, they have the right to temporarily restrict processing, they have their data ported to another controller under certain conditions. Additionally, data subjects shall have the right to object to processing on: grounds relating to their particular situation he uses of their data for direct marketing purposes.

Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal effects or that significantly affect them. Data subjects also have the right to obtain human intervention on the part of the controller express their point of view and contest a decision based on automated processing. If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact your local supervisory authority at any time with a complaint.

3. Data protection principles

All personal data obtained and held by us will: be processed fairly, lawfully and in a transparent manner be collected for specific, explicit, and legitimate purposes be adequate, relevant, and limited to what is necessary for the purposes of processing be kept accurate and up to date. Every reasonable effort will be made to ensure that inaccurate data is rectified or erased without delay not be kept for longer than is necessary for its given purpose.

In addition, personal data will be processed in recognition of an individuals’ data protection rights, as follows: the right to be informed the right of access the right for any inaccuracies to be corrected (rectification) the right to have information deleted (erasure) the right to restrict the processing of the data the right to portability the right to object to the inclusion of any information.

3.1. Data Processing

We process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.

4. Records

• We keep records of its processing activities including the purpose for the processing and retention periods in our HR Data Record. These records will be kept up to date so that they reflect current processing activities.

• Our visitors can inform us immediately if they believe that the data is inaccurate, either as a result of a subject access request or otherwise. We will take immediate steps to rectify the information.

We adopt procedures designed to maintain the security of data when it is stored and transported. All files or written information of a confidential nature are stored in a secure manner and are only accessed by people who have a need and a right to access them All files or written information of a confidential nature are not left where they can be read by unauthorised people We check regularly on the accuracy of data being entered into computers.

5. Personal Data Breach notification

Where a data breach is likely to result in a risk to the rights and freedoms of individuals, it will be reported to the Information Commissioner within 72 hours of the Company becoming aware of it and may be reported in more than one instalment.

Individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual. If the breach is sufficient to warrant notification to the public, we will do so without undue delay.

6. Provision of the website and creation of log files When you visit our website

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (in the form of server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider and similar information. This is exclusively information which does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the internet. They are processed in particular for the following purposes.

ensuring a trouble-free connection of the website, ensuring smooth use of our website, evaluating system security and stability as well as for other administrative purposes.

7. How to use cookies

Like many other websites, we use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. Cookies automatically provides us with certain data, such as your IP address, browser, operating system and internet connection. Using the information contained in cookies enables us to make it easier for you to navigate our web pages and to display them correctly.

8.What personal information do we collect?

We require certain personal information in order to provide you with this service. You enter some of this data in our websites and or directly by email, fax or by Post. If you become our partner or customer, then we will create an account in our files. Fax, email, Telephone, social network, CCS website.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

Opposition and removal possibility The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of contacting will be deleted in this case.

9. Questions and complaints

If you have any questions or concerns about the way we use your personal information, please contact our Data Protection Officer: Mr. K. Hakan Hasserbetci,
Effective Date: December 11, 2022