HOMEDIRECT PRIVACY POLICY

HOMEDIRECT PRIVACY POLICY

This Privacy Policy describes how Arcelik A.S., its affiliates and subsidiaries (collectively, the "Company") collect, process, share and protect your Personal Data that you provide when you download and use the HomeDirect application and the functions provided by the HomeDirect application (collectively, the "Services"). The Company may process your Personal Data in accordance with this Privacy Policy.

This Privacy Policy is an integral part of HomeDirect's Terms of Service.All terms used herein that are not otherwise defined in this Privacy Policy shall be understood as defined in the HomeDirect Terms of Service. Any matters not contained in these Terms of Service shall be governed by the HomeDirect'sTerms of Service.

Any personal data collected and processed by devices (such as a smart TV, smartphone or tablet) on which the HomeDirect application is running or by third party software that is installed on such a device, is not subject to this Privacy Policy. Such devices and software may process your personal data in accordance with their own privacy policies, and the Company shall not be held for any personal data processed in this way.

1.What personal data we collect

When you use the HOMEDIRECT application and the Services, we may, in accordance with the provisions of this Privacy Policy, collect certain personal data about you, including: name, surname, email address, user account, phone number, user name, data about the equipment operated by the HomeDirect application, the software used together with the HomeDirect application, the operational data of the equipment used to operate the HOMEDIRECT application, such as when and how long it is used, data from equipment sensors such as water hardness levels, mains data, equipment temperature levels, operational data about equipment components any equipment error information, map data collected by Lidar sensor, such as displayed errors and alerts, when such errors and alerts are displayed, information about the devices such as smart TV, smartphone or tablet on which you run the HomeDirect app and identification data of such devices, such as MAC number and serial number, and updates to the HomeDirect application and other Software.

We refer to all personal information that we collect about you as "personal information" or "personal data".Personal data or information refers to information and data that can be used to determining your identity.

2.Local regulations

The terms of this Privacy Policy are applicable to all our users. However, the laws of certain countries may require different levels of protection for personal information and data. For example, directives and regulations adopted by member countries of the European Union may impose different standards of protection for personal information and data.

Users agree and state that they are aware that the Company, its affiliates and subsidiaries may be located in a country outside the European Union and they consent to the collection, use and transfer of their personal information in accordance with this Privacy Policy.

Notwithstanding the foregoing, the Company, its affiliates and subsidiaries agree and undertake to provide the protections required by EU Directives and Regulations - including under the EU General Data Protection Regulation, hereinafter called the "RODO".

This commitment by the Company, its affiliates and subsidiaries does not relieve you of the obligation to comply with the laws of your country.

Special terms of this Privacy Policy are reserved.

3.How we use personal data

In accordance with applicable law, we use Personal Data for the following purposes based on the following legal bases:

Necessity of the contract

We may process your personal data where it is necessary for us to enter into a contract with you for the supply of our products or services or to perform our obligations under such contract. For example, the processing of your Personal Data may be necessary for:

i.to register you and enable you to use the HOMEDIRECT application and Services;

ii.to send you important notices and correspondence regarding changes to the Terms of Service and this Privacy Policy (via email or "push" notifications);

iii.keep internal records of software updates, technical services and other transactions to the extent necessary to provide HOMEDIRECT applications and Services.

Failure to provide certain Personal Data for processing for the above purposes will prevent us from providing you with the requested services or products.

Legal obligation

We may be required by law to collect and process certain Personal Information about you. For example, we may be required to process and disclose your Personal Information where we determine in good faith that it is necessary to do so in order to comply with applicable law or for purposes related to pending proceedings by, among others, judicial or other governmental authorities.

Legitimate interest of the controller

We may process your Personal Data where it is necessary to pursue our legitimate interests as a Company, including to manage, promote and improve its business and to manage our and our users' risks. For example, we may process your Personal Data in order to:

i.To inform you about new products or services of the Company and its affiliates by sending notices, advertisements or photographs by email, SMS and other similar electronic means of communication or through the HOMEDIRECT application and Services, unless receiving such communications requires your consent (see below). If you do not wish to receive such communications, simply follow the unsubscribe instructions included in the promotional communications you receive from us or contact us as described further in this Privacy Policy;

ii.To enable us to analyse and improve the HOMEDIRECT application and Services, as well as our other products and services, content and advertising;

iii.To comply with HOMEDIRECT's Terms of Service and this Privacy Policy, including to investigate possible breaches thereof;

iv.To detect, deter or otherwise address any fraud or security issues including but not limited to filtering any spam.

v.To give you advice on the contents, channels and your purchase of other products of our Company.

Your consent

Where required by applicable law, we are required to obtain your separate consent to process your Personal Data for certain purposes. For example, we may ask you to give separate consent to send you direct marketing communications or to collect data about your location in order to offer you services based on it. We may also ask you to provide separate consent for us to create your profile in order to personalise and improve our devices and other products, services or advertising and to provide you with improved and profiled after-sales services tailored to you. We create this profile by combining your Personal Information collected in accordance with this Privacy Policy with data collected from other sources, such as data collected through our sales and support teams, as well as data collected through other devices belonging to you (e.g., information regarding your home appliances, smart home devices, and electronic home appliances).

4.Direct marketing

We may use your personal information for marketing purposes, in particular, to display or show you advertisements and promotional materials, to inform you about our new products or to conduct free draws and prize competitions and other such information that we think may be of interest to you based on your history of and interest in our Services, but always provided that such use complies with applicable law. We will only send you any advertising, marketing, promotional materials or product information if you have opted in to receive such information by email and/or post.

Depending on the jurisdiction to which you are subject and in accordance with the applicable law in your country, we will ask you to give your express consent to receive the materials referred to above before sending them to you.

You may change your mind about your direct marketing preferences at any time by using the unsubscribe information on any such communications, updating your user profile, account details or contacting us. If you do so, we will not remove your personal information from our databases to the extent that it is still required by us under the terms of this Privacy Policy or in order to continue to provide our Services to you.

5.Location-based services

The Company may collect information about the location of your device and use, store, transmit or share such location based data through the HomeDirect Application and Services to provide location based services for its products.

Location data is collected anonymously in a product-based form that does not identify you personally and is used to provide and improve location-based products and services. Any such information will be processed in accordance with the terms of this Privacy Policy.

6.Data processed by third party applications, software or services (third party services)

When using the Application and the Services, you may also use several applications, programs and services provided by different third parties (such as the provider of the device on which the HomeDirect application is running or providers of other software running on the same device).

Such applications, software or services may process your personal information or data and are subject to separate terms of use and privacy policies.

Accordingly, the Company is not responsible for these privacy policies or practices of third parties.

7.The sharing of your personal data with third parties

In principle, we do not share or disclose your personal information or data to third parties. However, the Company may be required to share or use personal information and data in the following cases:

i.Other Arcelik Group companies: your Personal Information may be shared with other Arcelik Group companies, which may use it for the purposes set out in this Privacy Policy;

ii.Business Partners: Your Personal Information may be disclosed to third parties, such as business partners and suppliers, as necessary to provide the Services to you. For example, your Personal Information may be disclosed to third parties to enable them to provide you with advanced after-sales and repair services.

For more information, please see the section 6.

iii.Third Parties: Your Personal Information may be disclosed to a third party where it is necessary to comply with a legal obligation or decision of a court, public authority or governmental body, or where disclosure is necessary in connection with national security, law enforcement or an important public interest.

iv.Service Providers: Your Personal Information may be disclosed to companies that provide services to us, such as cloud computing companies. Service providers are required to maintain the confidentiality of your Personal Information and may not use it for purposes other than to provide services to us.

v.Third Parties and Company Sales: If we sell or assign our business assets or merge companies, we may transfer your Personal Information to one or more third parties as part of such transaction.

vi.Other Third Parties and Your Consent: With your consent, we may also share your Personal Information with other parties.

Disclosure of your personal information pursuant to the above may include disclosure to affiliates, subsidiaries or third parties located outside the European Union ("EU") or European Economic Area ("EEA"). If you are a resident of an EU or EEA member state, data protection laws outside the EU/EEA may not provide an equivalent level of protection as in your country.However, before transferring the personal information and data of a resident of an EU/EEA member state, we will take steps to ensure that such data is afforded the same level of protection as under existing EU/EEA data protection laws.

Your personal data will not be shared with third parties for purposes other than those set out in this Privacy Policy and will not be sold.

8.Security measures taken to protect your personal data

The Company takes administrative, technical and physical measures to protect your personal data from loss, theft, misuse, unauthorised access, disclosure, alteration and destruction.

We take care of the security of your personal data by using encryption and password protection where required and by restricting access to your data.

The automatic update status of the product during the initialization phase is off, and the user can set the automatic update to on in the settings after the device is initialized on the page of "Device"- "Setting"-"Device update"-"Automatic Updates" in the App.

9.Links to external content resources

Our Services may contain certain services or links that may redirect you to other websites, services or external content resources that are beyond our control.

We are not responsible for such direction and privacy of any personal information and data you provide on other websites. We do not accept any responsibility for these privacy policies.

10.Changes to this Privacy Policy

The Company may change and update this Privacy Policy from time to time. The Company will notify you of any material changes or additions to this Privacy Policy and will provide a copy of the revised Privacy Policy to you via the email address provided to the Company or by other appropriate means by which the Company notifies you of any changes to this Privacy Policy.

11.Access to the Privacy Policy and Withdrawal of Consent

In the HomeDirect application you can view the content of the latest "HomeDirect Privacy Policy", which you have read.

12.Your Rights for Your Personal Data

You have the following rights in relation to your personal data that we process:

i.the right to be informed as to whether your Personal Data is being processed by us and to request a copy of your Personal Data, as well as information regarding the processing of your Personal Data, including information on the purposes for which your Personal Data is being processed and whether it is being processed for the intended purpose, and information on third parties to whom your Personal Data is disclosed;

ii.the right to request rectification of any inaccurate or incomplete Personal Data;

iii.the right to request erasure of your Personal Data or restriction of its processing;

iv.the right to object to further processing of your Personal Data;

v.the right to withdraw your consent without affecting the lawfulness of the processing of personal data based on your consent before its withdrawal;

vi.the right to data portability in certain circumstances;

vii.the right to lodge a complaint with a supervisory authority;

viii.the right to challenge certain automated decision-making relating to you which produces legal or other significant effects. We do not normally make decisions by automated means, but we will nevertheless inform you if we do.

You can use the following contact details to exercise these rights:

Company Name: Arçelik A.Ş

Address: Karaağaç Cad. No:2-6 Sütlüce Beyoğlu, ISTANBUL

Phone: 0 212 314 3434

E-Mail: musteri.hizmetleri@grundig.com

Customer Services: 444 888

13.How to Contact Us for your Personal Information and Data

Please do not hesitate to contact us to learn more about our commitment to this Privacy Policy. You may use the contact information indicated in Section 12 of this Privacy Policy for this purpose.

VULNERABILITY DISCLOSURE POLICY

We take security issues extremely seriously and welcome feedback from security researchers in order to improve the security of our networked products, apps and cloud services. We operate a policy of coordinated disclosure for dealing with reports of security vulnerabilities and issues. We appreciate reporting identified vulnerabilities, regardless of service contracts or product’s, apps’ and/or cloud services’ lifecycle status.

To privately report a suspected security issue to us for one of our networked products, mobile apps or cloud services, please send your report to psirt@homewhiz.com.

We will be glad if you can give some basic details, typically:

• Name/type of affected product/app/service, plus specific model number, serial number, etc.

• Any Proof of Concept(PoC) setup details

• Description of the steps to reproduce the issue

• Public references if there is any

We recommend you to encrypt all e-mail communications with our Product Security Incident Response Team’s public PGP key.

By following the HomeWhiz Vulnerability Disclosure Policy, we will respond you within a maximum 48 hours upon receving the initial report. If the reported security issue will be confirmed by looking at the impact, severity and exploit complexity of the vulnerability report; we may ask for your further contribution to resolve the potential vulnerability within 90 days, and we will be updating you about the progress every 2 weeks. We also kindly ask you to keep the vulnerability confidential, and expect you to refrain from, such as conducting unapproved denial of service attacks, load tests, social engineering or other undesirable activities, until we make a fix available.

Once the fix is available, we will notify you and recognise your efforts on this page, upon your confirmation.

Our company's vulnerability disclosure policy is based on the CVSS score.

Hall of Fame

HomeWhiz recognizes the efforts of vulnerability reporters and researchers. We would like to thank everybody who contribute to our products’, apps’ and cloud services’ security infrastructure and helps to make our World more secure.