PRIVACY POLICY

The purpose of this Policy is to protect and properly manage the confidentiality, integrity and accessibility features of the information assets owned by ÖZVARDAR CAM and the units it provides services.

ÖZVARDAR CAM Information Security Management System; ÖZVARDAR CAM It includes the information technology infrastructure, all units using this infrastructure, users who access the information systems of the institution as a third party, service, software or hardware providers that provide technical support to ÖZVARDAR CAM Information Technology unit.

The implementation of this policy is important to show and maintain our integrity in our business relationships with the units we serve. For ÖZVARDAR CAM, customer information, organizational records, technology knowledge, project activity process information are primarily priority and protected assets. It is ÖZVARDAR CAM's policy to provide the following.

• Confidentiality is ensured by granting only authorized access to information,
• The integrity of the information is ensured by protecting against unauthorized changes and recording the changes made,
• When information is needed, its accessibility is ensured by making it available to authorized users,
• All policies and procedures supporting this policy are implemented by each unit. All legal requirements are fulfilled.
• Awareness is raised by providing continuous training on Information Security for all employees.
• All Information Security vulnerabilities and any suspicious situations detected are reported to the relevant persons. Continuous improvement and controls are provided by those concerned.

All ÖZVARDAR CAM employees who have any relation with the information assets covered by the Information Security Management System target are responsible for implementing this policy and will have the support of ÖZVARDAR CAM management who has approved the policy.

• Determine the value of information assets through appropriate risk assessment, understand their weaknesses and threats that could put them at risk, and reduce risks to acceptable levels.
• Fulfilling the requirements in laws through the design, implementation and maintenance of the Information Security Management System.
• To protect the credibility of the institution and its image.
• To comply with all customer contract terms regarding Information Security.
• To ensure the business continuity of the institution.
• Ensuring and maintaining TS ISO IEC 27001 compliance.

ÖZVARDAR CAM management creates, ensures and reviews this policy. All ÖZVARDAR CAM employees are responsible for complying with this policy and the procedures and instructions that support this policy. Administration; In the event that the Policy, Procedure and Instructions established within the scope of the Information Security Management System are not followed, the institution will apply one or more of the sanctions such as warning, reprimand, fines and termination of the contract.

In case of violation of ÖZVARDAR CAM security and operation policies by personnel, necessary disciplinary measures are taken by ÖZVARDAR CAM management. If ÖZVARDAR CAM or the people it provides services are harmed in any way due to such violations, ÖZVARDAR CAM management may compensate the responsible personnel for the damage.

ÖZVARDAR CAM is subject to any deliberate action, disciplinary action and / or legal precaution that may endanger the security of information belonging to its customers or suppliers.

The Information Security Manager supports the implementation of this policy through appropriate standards and procedures. ÖZVARDAR CAM Information Security Board updates the ISMS infrastructure and ensures its continuity.

All personnel and contracted suppliers are subject to the information security policy. All personnel are responsible for reporting security incidents and reporting weak spots detected.

This policy is reviewed regularly once a year by the ÖZVARDAR CAM Information Security Board, taking into account the important security weaknesses and threats, based on the controls regarding the process or technical infrastructure changes. This revised and updated policy is approved by ÖZVARDAR CAM Management. Reviews include the nature and effectiveness of recorded security vulnerabilities, the impact of controls on business productivity, and the impact of technological change.

As ÖZVARDAR CAM Management, "Özvardar Cam Information Security Policy" I hereby declare that the management supports the implementation of, controls and enforcement of the necessary sanctions for security violations.