Personal Data Security and Privacy Management System (PDMS)
As Kredi Kayıt Bürosu, we adopt a management approach that respects fundamental rights and freedoms, is transparent, reliable and fully compliant with the legislation in the protection and processing of personal data. In this context, we undertake to act in compliance with the Law No. 6698 on the Protection of Personal Data (“PDPL”) in all our processes regarding the processing of personal data and at the same time to operate the Personal Data Management System effectively in accordance with the ISO/IEC 27701 standard.
Kredi Kayıt Bürosu, in its capacity as the data controller, ensures that all personal data it processes are stored in accordance with the law and good faith, for specific, explicit and legitimate purposes, in a measured and limited manner, for the period stipulated in the relevant legislation. The secure processing, protection and, when necessary, destruction of personal data is not only a legal obligation; it is also an integral part of our corporate ethics.
As senior management, we allocate the necessary resources to ensure that data is kept securely and we support our employees in raising awareness of personal data management. We anticipate data breaches and threats through our risk management processes and develop proactive and sustainable security measures against these threats. In line with our service continuity and data privacy-oriented approach, we accept it as a corporate responsibility to protect the confidentiality, privacy, integrity and accessibility of our members' and customers' data under all circumstances.
All our employees, business partners and service providers are obliged to comply with the security measures and confidentiality rules determined within the scope of PDMS. Personal data security should be supported not only by technical measures, but also by organizational awareness and continuous training. For this reason, our employees are regularly informed about their responsibilities within the scope of PDPL and ISO 27701.
As Kredi Kayıt Bürosu, we have integrated our corporate risk management system with personal data security processes in order to identify, assess and manage the risks arising from the processing of personal data with appropriate controls. Sensitive and special categories of personal data are processed within the scope of explicit consent or legal exceptions and protected with high security standards.
Necessary physical and digital security measures are taken and technical measures are implemented to ensure confidentiality in the transfer, storage and destruction of personal data. Necessary agreements and confidentiality undertakings are signed before data transfer, and transfer processes are recorded in a traceable manner.
In order to continuously improve the PDMS and ensure compliance with the legislation, committees have been established within the organization, and they carry out audit and evaluation activities at regular intervals. In addition, our corporate breach management policies are operated for the prevention, detection and management of personal data breaches.
As the senior management of Kredi Kayıt Bürosu, we are committed to fulfilling all legal obligations regarding the protection of personal data, establishing a systematic management system and data security culture throughout the organization, and providing the necessary resources and support to ensure continuous improvement within the scope of ISO 27701.