SIGMA ELEKTRIK SAN AND TIC A.S

POLICY FOR THE SECURITY OF PERSONAL DATA OF A SPECIAL NATURE ELEKTRIK SAN AND TIC A.S

POLICY FOR THE SECURITY OF PERSONAL DATA OF A SPECIAL NATURE

SCOPE AND DEFINITIONS

Article 6 of the Personal Data Protection Law No. 6698 (“Law”) has determined a number of personal data that carry the risk of causing victimization or discrimination to individuals when processed unlawfully as “Special Category Personal Data”.rticle 6 of the Personal Data Protection Law No. 6698 (“Law”) has determined a number of personal data that carry the risk of causing victimization or discrimination to individuals when processed unlawfully as “Special Category Personal Data”. The scope of special categories of personal data includes race, ethnic origin, political thought, belief, religion, sect or other beliefs, disguise and clothing, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures related data, as well as biometric and genetic data.

Within the scope of this policy;

"SIGMA ELEKTRIK SAN. and tic. A.Sh. "'yi

"Data Owner” means the real person whose personal data is processed,

"Data Controller” means the legal entity that determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,

The "Board" shall designate the Personal Data Protection Board as,

”Employee" refers to the Sigma Electrical staff.

PROCESSING OF PERSONAL DATA OF A SPECIAL NATURE

Sigma Elektrik attaches great importance to the processing of Private Personal Data containing sensitive data of the relevant persons in accordance with the law and shows maximum effort for the protection of these data.Sigma Elektrik attaches great importance to the processing of Private Personal Data containing sensitive data of the relevant persons in accordance with the law and shows maximum effort for the protection of thSigma Elektrik attaches great importance to the processing of Private Personal Data containing sensitive data of the relevant persons in accordance with the law and shows maximum effort for the protection of these data.

Personal Data of a Special Nature are processed by Sigma Elektrik in accordance with the Law, provided that adequate measures to be determined by the Board are taken, in the presence of the following conditions:

If the Data Owner has explicit consent, or

If the Data Subject does not have explicit consent, private personal data other than the Data Subject's health and sexual life are processed by persons or authorized institutions and organizations that are under obligation to keep secrets for the purposes of (i) protection of public health, (ii) preventive medicine, (iii) medical diagnosis, (iv) treatment and care services, (v) planning and management of health services and financing, in the cases provided for by law. Private personal data related to the Data Subject's health and sexual life are processed only by (i) protection of public health, (ii) preventive medicine, (iii) medical diagnosis, (iv) execution of treatment and care services, (v) planning and management of health services and financing.

PRECAUTIONS RELATED TO THE PROCESSING OF SPECIAL PERSONAL DATA

Sigma Elektrik, Article 6 of the LawRECAUTIONS RELATED TO THE PROCESSING OF SPECIAL PERSONAL DATA

Sigma Elektrik, Article 6 of the Law in the processing of Personal Data of a Special Nature contained in the Article, the Board dated 31.01.2018 and 2018/10 No.lCAUTIONS RELATED TO THE PROCESSING OF SPECIAL PERSONAL DATA

Sigma Elektrik, Article 6 of the Law in the processing of Personal Data of a Special NatuPRECAUTIONS RELATED TO THE PROCESSING OF SPECIAL PERSONAL DATA

Sigma Elektrik, Article 6 of the Law in the processing of Personal Data of a Special Nature contained in the Article, the Board dated 31.01.2018 and 2018/10 No.lu in accordance with its decision, in its capacity as Data Controller, it takes the following measures::

This Policy, which is systematic, clearly defined, manageable and sustainable for the security of personal data of a special nature, has been determined.

For the Employees involved in the processing of Personal Data of a Special Nature,

Trainings are provided regularly on Special issues of Personal Data security with the law and related regulations,

Confidentiality agreements are made,

The scope and duration of authorization of users authorized to access the data are clearly definedTrainings are provided regularly on Special issues of Personal Data security with the law and related regulations,

Confidentiality agreements are made,

The scope and duration of authorization of users authorized to access the data are clearly defined,

Periodic authority checks are carried out,

The powers of Employees who have changed their duties or have left their jobs in this area are immediately removed. Within this scope, the inventory allocated to them by the Data Controller is refunded.

The environments where Personal Data of Special Nature are processed, stored and/or accessed are not kept in electronic environmentThe environments where Personal Data of Special Nature are processed, stored and/or accessed are not kept in electronic environment,

If the physical environment is the environment in which Personal Data of a Special Nature are processed, stored and /or accessed;

Adequate security measures (electriche environments where Personal Data of Special Nature are processed, stored and/or accessed are not kept in electronic environment,

If the physical environment is the environment in which Personal Data of a Special Nature are processed, stored and /or accessed;

Adequate security measures (electricity leakage, fire, flooding, theft, etc.) according to the nature of the environment in which Personal Data of Special Nature is located. against situations) are taken,

Unauthorized entry and exit are prevented by ensuring the physical security of these environments.

If Personal Data of a Special Nature will be transferred;

If it is necessary to transfer Personal Data via e-mail, it is transferred encrypted with a corporate e-mail address or using a Registered E-Mail (KEP) account,

If Portable Memory needs to be transferred via media such as CD, DVD, it is encrypted by cryptographic methods and the cryptographic key is kept in a different environment,

If the transfer is performed between servers in different physical environments, data transfer is performed between the servers by Decrypting Decryption by VPN or by SFTP method.,

If it is necessary to transfer Personal Data via paper medium, necessary measures are taken against risks such as theft, loss of documents or being seen by unauthorized persons, and the documents are sent in a “Confidential” format.If it is necessary to transfer Personal Data via paper medium, necessary measures are taken against risks such as theft, loss of documents or being seen by unauthorized persons, and the documents are sent in a “Confidential” format.

In addition to the measures mentioned If it is necessary to transfer Personal Data via paper medium, necessary measures are taken against risks such as theft, loss of documents or being seen by unauthorized persons, and the documents are sent in a “Confidential” format.

In addition to the measures mentioned above, technical and administrative measures to ensure the appropriate level of security specified in the Personal Data Security Guide published on the website of the Personal Data Protection Authority are also taken into account Jul.

TRANSFER OF PERSONAL DATA OF A SPECIAL NATURE

Sigma Elektrik may transfer the Data Owner's Special Category Personal Data to third parties in accordance with the data processing purposes, by taking the necessary security measures, for Special Category Personal Data that it has obtained in accordance with the law.igma Elektrik may transfer the Data Owner's Special Category Personal Data to third parties in accordance with the data processing purposes, by taking the necessary security measures, for Special Category Personal Data that it has obtained in accordance with the law. Accordingly, Sigma Elektrik will be able to transfer Special Personal Data to third parties in the presence of one of the following conditions.

If the Data Owner has explicit consent,,

If the Data Subject does not have explicit consent, private personal data other than the Data Subject's health and sexual life, if provided for by law, private personal data related to the Data Subject's health and sexual life are processed and transferred only by persons or authorized institutions and organizations under the obligation to keep secrets for the purposes of (i) protection of public health, (ii) preventive medicine, (iii) medical diagnosis, (iv) treatment and care services, (v) planning and management of health services and financing.

TRANSFER OF SPECIAL CATEGORIES OF PERSONAL DATA ABROAD

Sigma Elektrik does not transfer the special personal data it processes abroad.