As FONET Bilgi Teknolojileri A.Ş. Senior Management, we undertake that it will prove its commitment to the installation, operation, monitoring, review, maintenance and continuous improvement of the Information Security Management System (ISMS) in accordance with the TS ISO / IEC 27001 standard by realizing the following issues.

• Documentation, certification and continuous improvement of our information security management system in line with the requirements of the ISO 27001 Information Security Management System standard.
• Complying with all legal regulations and agreements with third parties (business partners, customers, suppliers) regarding information security.
• Systematic management of risks to our information assets.
• Providing necessary trainings to all our employees in order to raise awareness on information security.
• Ensuring secure access to information technology systems and ensuring the continuity of access to these systems,
• Periodic and continuous risk assessment and processing,
• Performing security tests and audits within the scope of independent review of information security,
• Allocate the necessary resources for information security management and assign relevant roles and responsibilities,
• Managing the activities we carry out to ensure the continuity of our core and supporting business processes in an integrated manner with our other management systems

The first priority and assets that need to be protected are company records, information obtained in line with customer contracts, personal data belonging to real persons for whom we are responsible for data, information obtained due to investment and R&D projects, application development documents of all projects, source codes and the media that store, process and transmit them. Necessary controls are implemented to protect the confidentiality, integrity and accessibility of these assets.

Therefore;

• Confidentiality of information is protected,
• Information cannot be shared with unauthorized persons intentionally or as a result of inattention,
• Information is protected against unauthorized access,
• Integrity of information is ensured by protection against unauthorized modification,

Information is made available to authorized users when necessary.

Without compromising on quality and security in order to maintain and increase the experience and reputation it has gained since its establishment;

• To produce reliable, user-friendly smart software that meets customer expectations by using current and developing technologies, To ensure the development of products by evaluating all kinds of ideas and thoughts from our stakeholders by complying with legal requirements and standards in all works,
• To maximize customer satisfaction by producing high-tech products for customer needs,
• To contribute to the development of our employees with a family-oriented approach,
• To ensure the continuity and development of quality and information by complying with the Quality Management System Conditions,

We ensure the implementation and continuous improvement of the requirements of the Management System standards with the participation of all our employees.

FONET BİLGİ TEKNOLOJİLERİ A.Ş.

CLARIFICATION TEXT ON THE PROTECTION OF PERSONAL DATA WITHIN THE SCOPE OF THE LAW ON THE PERSONAL DATA PROTECTION

Identity of the Data Controller

This clarification statement has been prepared by Fonet Bilgi Teknolojileri A.Ş. (“Company”) as the data controller within the scope of Article 10 of the Law No. 6698 on the Protection of Personal Data (“PDPL”) and the Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Disclosure Obligation (“Communiqué”).

In this context, our Company, as the data controller, will collect, store, process and, if necessary, transfer your personal data provided through various channels to third parties in order to carry out our activities effectively.  In accordance with the PDPL and the relevant sub-regulations, our Company takes the necessary measures as the data controller in the stages of collecting, storing, processing your personal data only for the specified purposes and, if necessary, transferring it in accordance with the legislation.

Purposes of Processing Personal Data

Our Company collects, processes, stores and transfers personal data from our employees, stakeholders, customers and related third parties and organizations in addition to the information that it is obliged to receive from our employees, stakeholders, customers and related third parties and organizations, and collects, processes, stores and transfers personal data that it considers necessary only to provide the best service.

In this context, in addition to the effective presentation of our Company’s products and services, providing general information about the product/service, maintaining these services by our affiliates and business partners; To contact you regarding products and services, to carry out marketing and informative activities, to carry out customer satisfaction studies, to share offers regarding our services, to increase our service quality, to improve our service quality, to make improvements for the needs of our customers and stakeholders, to customize our products and services in line with usage needs and habits, to send newsletters and invitations, to carry out analysis and reporting studies, to complete the reporting and examinations deemed necessary within the scope of the Company’s activities, our Company processes your personal data within the rules determined in the PDPL and its sub-regulations, only limited to its purposes.

Your personal data may be stored and processed in any case in accordance with the periods required by the PDPL and the relevant legislation as long as the above-mentioned legitimate purposes do not expire. If you request the deletion or erasure or anonymization of your personal data, this request shall be fulfilled within the period determined by legal regulations; during this period, your personal data shall not be processed and shared with third parties, except for the obligations arising from national and international laws, regulations and contracts.

Method and Legal Grounds for Collecting Personal Data

Your personal data may be collected verbally, written or electronically through various channels, including but not limited to our Company’s units, website, social media platforms and mobile applications. Additionally, your personal data may be obtained automatically or manually when you use our website to browse our Company’s products and services, when you visit our Company or our website, when you participate in trainings, seminars or organizations organized by our Company.

The aforementioned personal data are processed by automatic and manual methods based on the legal reason “it is mandatory for the data controller to fulfill its legal obligation”, “it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “it is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” in Article 5 of the PDPL.

Transfer of Personal Data

Your personal data may be transferred to legal authorities or relevant law enforcement agencies in order to resolve legal disputes or in accordance with the relevant legislation, to public legal entities in accordance with legal obligations, to organizations from which we receive services, cooperate, program partner organizations in order to carry out our activities, to specially authorized organizations in order to carry out transactions within the scope of our activities, to carry out the necessary work by our business units in order to benefit you from the products and services offered by our company, For the purposes of recommending our Company’s products and services to you by customizing them according to your preferences, usage habits and needs, ensuring the legal and commercial security of our Company, and carrying out Human Resources policies, our business partners, suppliers, their affiliates, subsidiaries, company officials, shareholders, to the extent permitted by the provisions of the applicable legislation, within the framework of the personal data processing conditions and purposes specified in Article 8 of the PDPL regarding the transfer of personal data and Article 9 regarding the transfer of personal data abroad. Article 8 regarding the transfer of personal data and Article 9 regarding the transfer of personal data abroad within the framework of the personal data processing conditions and purposes specified in Article 9.

Rights of the Person Whose Personal Data is Processed

In line with Article 11 of PDPL; to learn whether your personal data has been processed, to request information if your personal data has been processed, to learn the purpose of processing personal data and whether they are used in accordance with their purpose, to know the third parties to whom personal data is transferred domestically or abroad, to request correction of personal data in case of incomplete or incorrect processing, to request deletion or destruction of personal data, In case of correction, deletion or erasure of personal data, you have the right to request notification of these transactions to third parties to whom personal data is transferred, to object to the occurrence of a result to the detriment of the person itself by analyzing the processed data exclusively through automated systems, and to request compensation for damages in case of damage due to unlawful processing of personal data.

In this context, the requests submitted to us through the methods regulated in the legislation will be finalized by our company as soon as possible, within thirty days at the latest, free of charge. However, if the transaction creates any cost, the fee in the tariff determined by the Personal Data Protection Authority will be applied. In accordance with paragraph 1 of Article 13 of the PDPL; You may send your relevant request, including your explanations that you wish to exercise your rights under Article 11 of the PDPL, in written form or by other methods determined by the Personal Data Protection Authority, through the contact addresses specified below or by other methods specified in the PDPL and related sub-regulations.

Address: Kızılırmak Mahallesi 1445. Sokak No: 2B/1 The Paragon Tower   Çankaya / ANKARA

Phone: +90 312 438 59 19

Fax: +90 312 440 36 52

E-Mail: fonet.kvkk@fonetbt.com

REM address for PDPL: fonetbt@hs01.kep.tr

FONET BİLGİ TEKNOLOJİLERİ A.Ş.

CLARIFICATION TEXT FOR CANDIDATE AND EXISTING PERSONNEL

WITHIN THE SCOPE OF THE LAW ON THE PROTECTION OF PERSONAL DATA

Identity of the Data Controller

This clarification statement has been prepared by Fonet Bilgi Teknolojileri A.Ş. (“Company”) as the data controller within the scope of Article 10 of the Law No. 6698 on the Protection of Personal Data (“PDPL”) and the Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Disclosure Obligation (“Communiqué”).

In this context, our Company, as the data controller, will collect, store, process and, if necessary, transfer your personal data provided through various channels to third parties in order to carry out our activities effectively.  In accordance with the PDPL and the relevant sub-regulations, our Company takes the necessary measures as the data controller in the stages of collecting, storing, processing your personal data only for the specified purposes and, if necessary, transferring it in accordance with the legislation.

Purposes of Processing Personal Data

Our Company collects, processes, stores and transfers personal data from our employees, stakeholders, customers and related third parties and organizations in addition to the information that it is obliged to receive from our employees, stakeholders, customers and related third parties and organizations, and collects, processes, stores and transfers personal data that it considers necessary only to provide the best service.

In this context, in addition to the effective presentation of our Company’s products and services, providing general information about the product/service, maintaining these services by our affiliates and business partners; To contact you regarding products and services, to carry out marketing and informative activities, to carry out customer satisfaction studies, to share offers regarding our services, to increase our service quality, to improve our service quality, to make improvements for the needs of our customers and stakeholders, to customize our products and services in line with usage needs and habits, to send newsletters and invitations, to carry out analysis and reporting studies, to complete the reporting and examinations deemed necessary within the scope of the Company’s activities, our Company processes your personal data within the rules determined in the PDPL and its sub-regulations, only limited to its purposes.

Your personal data may be stored and processed in any case in accordance with the periods required by the PDPL and the relevant legislation as long as the above-mentioned legitimate purposes do not expire. If you request the deletion or erasure or anonymization of your personal data, this request shall be fulfilled within the period determined by legal regulations; during this period, your personal data shall not be processed and shared with third parties, except for the obligations arising from national and international laws, regulations and contracts.

Method and Legal Grounds for Collecting Personal Data

Your personal data may be collected verbally, written or electronically through various channels, including but not limited to our Company’s units, website, social media platforms and mobile applications. Additionally, your personal data may be obtained automatically or manually when you use our website to browse our Company’s products and services, when you visit our Company or our website, when you participate in trainings, seminars or organizations organized by our Company.

The aforementioned personal data are processed by automatic and manual methods based on the legal reason “it is mandatory for the data controller to fulfill its legal obligation”, “it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “it is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” in Article 5 of the PDPL.

Transfer of Personal Data

Your personal data may be transferred to legal authorities or relevant law enforcement agencies in order to resolve legal disputes or in accordance with the relevant legislation, to public legal entities in accordance with legal obligations, to organizations from which we receive services, cooperate, program partner organizations in order to carry out our activities, to specially authorized organizations in order to carry out transactions within the scope of our activities, to carry out the necessary work by our business units in order to benefit you from the products and services offered by our company, For the purposes of recommending our Company’s products and services to you by customizing them according to your preferences, usage habits and needs, ensuring the legal and commercial security of our Company, and carrying out Human Resources policies, our business partners, suppliers, their affiliates, subsidiaries, company officials, shareholders, to the extent permitted by the provisions of the applicable legislation, within the framework of the personal data processing conditions and purposes specified in Article 8 of the PDPL regarding the transfer of personal data and Article 9 regarding the transfer of personal data abroad. Article 8 regarding the transfer of personal data and Article 9 regarding the transfer of personal data abroad within the framework of the personal data processing conditions and purposes specified in Article 9.

Rights of the Person Whose Personal Data is Processed

In line with Article 11 of PDPL; to learn whether your personal data has been processed, to request information if your personal data has been processed, to learn the purpose of processing personal data and whether they are used in accordance with their purpose, to know the third parties to whom personal data is transferred domestically or abroad, to request correction of personal data in case of incomplete or incorrect processing, to request deletion or destruction of personal data, In case of correction, deletion or erasure of personal data, you have the right to request notification of these transactions to third parties to whom personal data is transferred, to object to the occurrence of a result to the detriment of the person itself by analyzing the processed data exclusively through automated systems, and to request compensation for damages in case of damage due to unlawful processing of personal data.

In this context, the requests submitted to us through the methods regulated in the legislation will be finalized by our company as soon as possible, within thirty days at the latest, free of charge. However, if the transaction creates any cost, the fee in the tariff determined by the Personal Data Protection Authority will be applied. In accordance with paragraph 1 of Article 13 of the PDPL; You may send your relevant request, including your explanations that you wish to exercise your rights under Article 11 of the PDPL, in written form or by other methods determined by the Personal Data Protection Authority, through the contact addresses specified below or by other methods specified in the PDPL and related sub-regulations.

Fonet Bilgi Teknolojileri A.Ş

Address: Kızılırmak Mahallesi 1445. Sokak No: 2B/1 The Paragon Tower   Çankaya / ANKARA

Phone: +90 312 438 59 19

Fax: +90 312 440 36 52

E-Mail: fonet.kvkk@fonetbt.com

Registered Electronic Mail (“REM”) address: fonetbt@hs01.kep.tr