Softtech Yazılım Teknolojileri Araştırma Geliştirme ve Pazarlama Ticaret A.Ş. ("Softtech") hereby adopts as a fundamental principle the assurance of confidentiality and security of information obtained pursuant to your visit to our website or utilization of our applications.

We acknowledge that such an approach constitutes our legal obligation. Accordingly, this Privacy Policy has been established to provide information by elucidating the conditions under which your information is processed or transferred by Softtech and the manner in which your information is protected.

Within the framework of our approach concerning the exercise of utmost diligence in protecting your information and ensuring compliance with applicable legislation, we diligently oversee the protection of your information to guarantee that all our personnel demonstrate the requisite sensitivity at the highest level in this regard. All services rendered to you by Softtech through any channels shall hereinafter be referred to as the "Service".

1. SCOPE OF PRIVACY AND PERSONAL DATA PROTECTION POLICY

As part of the Service rendered, Softtech may obtain or transfer information pertaining to you as Service recipients within the scope of this Privacy Policy. The acquisition or transfer of such information is conducted in strict accordance with applicable legislation. This Privacy Policy does not reflect the privacy practices of third parties to whom information is transferred, and Softtech bears no responsibility for their privacy policies or practices.

This Privacy Policy does not encompass information collected by applications beyond Softtech's control, third-party websites and platforms, information collected by third parties through links on Softtech's website, or titles, campaigns and other advertisements or promotions on third-party websites sponsored and/or participated in by Softtech. Softtech shall not be held liable for the processing of personal data that third parties collect, store or process through their respective websites.

2. PERSONAL DATA

Your personal data is collected through automatic and non-automatic means and processed in a limited and proportionate manner for the purposes specified in the information notice provided to you, primarily to ensure the continuity of the Services rendered by Softtech.

Your personal data may be transferred to third parties by Softtech in accordance with applicable legislation. The third parties to whom your personal data may be transferred comprise our business partners, subsidiaries, affiliates, suppliers, customers or authorized public institutions and organizations.

Softtech provides information to you within the scope of personal data processing or transfer activities and seeks your explicit consent where required. You may access detailed information regarding the processing and transfer of your personal data from the Information Notice provided by Softtech through the website you visit or the application from which you receive Service.

3. SECURITY

The security measures implemented by Softtech during the processing of your data are as follows:

Network and application security are ensured.

Security measures are implemented in the procurement, development, and maintenance of information technology systems.

The security of personal data stored in the cloud is ensured.

Employees are regularly provided with training and awareness programs on data security.

Access from external networks is blocked by firewall systems.

Data leakage is monitored through the use of a Data Loss Prevention (DLP) product.

Vulnerability scans are performed on servers using the Nessus product.

A two-factor authenticated VPN connection is used for access to the internal network.

Security products are employed to protect against potential attacks via email.

Access logs are regularly maintained.

Corporate policies on access, information security, usage, storage, and destruction have been established and implemented.

Confidentiality agreements are executed.

Authorizations of employees who change roles or leave the company are revoked.

Up-to-date antivirus systems are utilized.

Executed contracts include data security provisions.

Policies and procedures regarding the security of personal data have been defined.

Personal data security incidents are promptly reported.

Personal data security is monitored.

The security of environments containing personal data is ensured.

The volume of personal data is minimized as much as possible.

Personal data is backed up, and the security of the backups is also ensured.

User account management and authorization control system is implemented and regularly monitored.

Internal periodic and/or random audits are conducted or commissioned.

Existing risks and threats have been identified.

Cybersecurity measures have been taken and are continuously monitored for implementation.

The highest level of software and hardware security measures is applied, in accordance with the current state of the art.

4. COOKIE USAGE

Tracking technologies such as cookies, pixels, and gifs (“Cookies”) are small data files that are placed on your devices—such as tablets, phones, or computers—when you access our websites or applications. These Cookies enable our servers to recognize your devices and, for example, remember your language preferences, stored usernames and passwords, or items in your shopping cart, and to manage on-site traffic efficiently.

Cookies also assist us in enhancing our software to offer you a better user experience, by analyzing the number and profile of visitors to our websites and applications.

For more detailed information regarding the Cookies we use, please refer to the Cookie Information Notice available on the Softtech websites and applications you access. You may also personalize your cookie preferences at any time by adjusting your browser settings.

5. INFORMATION UPDATE AND CHANGES

Softtech reserves the right to modify the content of this Privacy Policy without prior notice, in order to maintain up-to-date privacy and data protection principles and to ensure continued compliance with applicable legislation. The revised Privacy Policy shall be duly published on the official Softtech website.

You may at any time access the most current version of this Privacy Policy at www.softtech.com.tr. By continuing to use Softtech’s Services and/or applications following any such amendments, you shall be deemed to have accepted the modifications introduced. The amended provisions of this Privacy Policy shall enter into force as of the date of their publication on the website.

You may submit your applications concerning your rights under Article 11 of the Personal Data Protection Law to Softtech via the following addresses:

Submission by Post:

You may complete our Personal Data Application Form and submit your request, bearing a wet-ink signature, either in person or via post to the following address:

İTÜ Ayazağa Campus, Reşitpaşa Mahallesi, Katar Caddesi, İTÜ Teknokent ARI-3 Building, No: 4, Floor: 4–5, 34469 Maslak–Sarıyer/İstanbul.

Registered Electronic Mail (KEP) Address:

softtech@hs02.kep.tr

E-mail Address:

If you have previously provided us with an e-mail address and it has been duly registered in our system, you may submit the application form to kvkk@softtech.com.tr using that registered e-mail address.

(If the e-mail address from which you send the application is not registered in the Softtech system, your submission must be signed with a secure electronic signature or a mobile signature.)

Contact Information

Softtech Yazılım Teknolojileri Araştırma Geliştirme ve Pazarlama Ticaret A.Ş.

İTÜ Ayazağa Campus

Reşitpaşa Mah. Katar Cad.

İTÜ Teknokent Arı-3 No:4 Floor-4-5

34469 Maslak-Sarıyer-İstanbul

Tel: +90 850 290 6000

Fax: +90 212 328 1199

The purpose of this Cookie Policy (“Cookie Policy”) is to provide information to all visitors regarding the use of tracking technologies such as pixels and gifs (“Cookies”) on www.softtech.com.tr (“Website”), operated by Softtech. Through this Cookie Policy, we aim to explain which types of Cookies are used on the Website, for what purposes they are employed, and how you can control their use.

Cookies enable the servers of the Website to recognize certain information related to your visit—such as your language preferences and other settings—helping to manage website traffic and making the Website more user-friendly by remembering these details during your subsequent visits. In addition, Cookies allow us to analyze the number and audience profile of Website visitors, which supports us in improving our products and services to offer you a better experience. If you choose to do so, they also allow us to personalize the advertisements you see during your internet usage.

Cookie Types and Usage Purposes

According to their validity periods, two types of cookies are utilized on our Website: Persistent Cookies and Temporary Cookies. Temporary Cookies are generated upon your visit to the Website and remain valid solely until you close your browser. Persistent Cookies are created when you visit the Website and remain until you delete them or their duration expires. Persistent Cookies are employed for operations such as providing a personalized experience in accordance with your settings.

The Cookie types and their respective usage purposes on the Website are delineated below:

Mandatory Cookies

These constitute cookies that are deployed on your device during your viewing of the Website and are essential for the proper functioning of the online services rendered.

Performance and Analytics Cookies

Performance cookies enable us to monitor and analyze the number of individuals viewing the Website and Website traffic patterns. Through these cookies, we can obtain intelligence such as which areas of the Website are visited most frequently or infrequently and optimize Website traffic accordingly.

How Can Cookie Usage Be Controlled?

You may configure your browser to reject all cookies or to provide notification when a cookie will be transmitted to your device, or alternatively, you may configure your browser to delete cookies upon completion of each browsing session. However, such configuration may result in the inability to properly utilize certain areas of the Website.

Should you prefer that Softtech not deploy cookies on your device, you may customize your preferences regarding the utilization of Cookies through the following links, in accordance with your browser's settings or options:

Adobe Analytics:http://www.adobe.com/uk/privacy/opt-out.html

AOL:https://help.aol.com/articles/enable-cookies-in-your-web-browser

Google AdWords:https://support.google.com/ads/answer/2662922?hl=en

Google Analytics:https://tools.google.com/dlpage/gaoptout

Google Chrome:http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647

Internet Explorer:https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox:http://support.mozilla.com/en-US/kb/Cookies

Opera:http://www.opera.com/browser/tutorials/security/privacy/

Safari:https://support.apple.com/kb/ph19214?locale=tr_TR

Information Update and Changes

Softtech may, when deemed necessary, discontinue the utilization of Cookies currently employed, modify their types or functions, or incorporate new cookies into the Website. Consequently, this Cookie Policy may be amended at any time. In instances where the Cookie Policy is modified, it shall become valid and enter into force from the update date indicated at the top of the page. Should you continue to utilize Softtech's products and services subsequent to amendments to the Cookie Policy, it shall be deemed that you accept the modifications made.

We recommend that you periodically review the Cookie Policy to obtain current information regarding cookie usage.

The Information Security Policy has been established by the Softtech Information Security Committee and approved by the Board of Directors following the evaluation of the General Manager.

By implementing this Policy, Softtech aims to achieve the following:

• All types of information required by business processes shall remain accessible with minimal interruption by the relevant departments, customers, and applicable third parties within the defined scope.

• The integrity of information shall be preserved under all circumstances.

• Regardless of whether the information belongs to Softtech, its customers, or third parties, the confidentiality of all information generated and/or used shall be ensured at all times.

• Information shall be protected against unauthorized access through appropriate access control measures.

• Risks identified within the system shall be evaluated and managed under the Risk Management process for the purpose of designing, implementing, and maintaining the Information Security Management System.

• Information assets shall be classified according to their confidentiality level, and through employee adherence, their confidentiality and integrity shall be maintained within the scope of the Asset Management process.

• Requirements set forth by national laws, international standards, industry regulations, and customer contracts shall be fulfilled, and compliance shall be ensured through the Compliance Management process.

• To protect critical business processes from the impacts of major disasters and operational failures, business continuity requirements shall be identified, and a business continuity plan shall be developed and implemented. Within the scope of the business continuity process, the continuity of the plan shall be maintained and tested.

• Trainings to increase awareness of information security and to encourage contribution to the operation of the system shall be provided on a regular basis to current and newly onboarded employees.

• In order to enhance information security and ensure continuous improvement, necessary initiatives shall be taken to reassess priorities, identify resources, and secure their availability.

• All realized or suspected breaches of information security shall be reported, and preventive measures shall be taken to avoid recurrence.

Necessary measures shall be implemented to ensure the protection of information assets in workspaces in accordance with the “Clear Screen / Clear Desk” principles.