INFORMATION SECURITY AND DIGITALIZATION POLICY
1. Purpose
With this policy, İhlas Gayrimenkul aims to consider existing and potential risks, taking into account legal obligations and the expectations of customers and other stakeholders. In this regard, it commits to meeting information security requirements to ensure the confidentiality, integrity, and accessibility of information when needed.
Furthermore, İhlas Gayrimenkul aims to closely follow next-generation technologies in the digitalization process, integrate these technologies into its business practices, and ensure a sustainable digital transformation in its corporate processes.
2. Scope
İhlas Gayrimenkul employees, group companies, affiliates, suppliers, business partners, and other stakeholders are obligated to comply with the İhlas Gayrimenkul Information Security and Digitalization Policy. This approved policy will be communicated to all relevant parties.
In the event of any detection of a breach of information security, the authorized governance and audit mechanisms within İhlas Gayrimenkul are responsible for initiating the necessary sanctions and disciplinary processes. Employees may report any detected breach of information security to the relevant management levels or through authorized reporting channels. If the breach is assessed to have occurred at the senior management level or if the incident is considered to be of a critical nature, the notification may be sent directly to the Board of Directors.
3. Information Security
This includes establishing, operating, and using information systems; defining the necessary roles and responsibilities for operating information security processes; setting objectives; creating processes for managing risks related to information systems; establishing, evaluating, and monitoring controls.
İhlas Gayrimenkul aims to ensure the uninterrupted continuity of its business activities and the appropriate handling of risks through information security.
All data belonging to İhlas Gayrimenkul, including technology, products, customer information, and similar data, is managed in such a way that it is only accessible to authorized persons when needed. Necessary integrity controls are applied against unauthorized changes to information, confidentiality is protected, and measures are taken to detect data changes in a timely manner.
Users of İhlas Gayrimenkul information systems are required to;
– Internalize and comply with documents related to the protection of confidential information and other policies.
– It must take prioritized measures according to risk levels, report situations and events that violate information security, and develop ways to prevent breaches.
– It must not use İhlas Gayrimenkul’s information systems and infrastructure for personal gain or profit that is contrary to legal obligations, business ethics, and business morality.
– It must keep the information of its suppliers, business partners, customers, and individuals with whom it has business relationships confidential and maintain its accessibility.
– It must report update and improvement processes related to Information Security documents to the Information Security Manager.
– It must request access to İhlas Gayrimenkul’s information and corporate resources in line with business needs.
4. Third Parties
Third parties that have a business relationship with İhlas Gayrimenkul or provide consultancy services must conduct their business processes in compliance with İhlas Gayrimenkul’s Information Security and Digitalization Policy.
– Information and assets belonging to İhlas Gayrimenkul must not be shared with other individuals or organizations without İhlas Gayrimenkul’s permission.
– Data and software must not be copied from any device without İhlas Gayrimenkul’s approval.
-No audio recording, video recording, or photography may be done in İhlas Gayrimenkul’s business premises without permission.
-System access at İhlas Gayrimenkul locations must be carried out under the supervision of the Information Technology team.
5. Digitalization
İhlas Gayrimenkul aims to reduce time and cost risks in its digitalization applications. It aims to increase efficiency in decision-making and solution mechanisms in business processes and to provide better service to its customers.
İhlas Gayrimenkul employees;
– Closely follow technological innovations and updates.
– Provide advice and suggestions to the relevant authorities to integrate innovative technological approaches into the business processes within İhlas Gayrimenkul.
– Utilize its digital technologies fully and efficiently for İhlas Gayrimenkul and its customers.
– Keep its customers’ sales and after-sales processes fast and efficient by using technological capabilities.
İhlas Gayrimenkul;
– Provides its employees, subsidiaries, and group companies with the newest and most useful technological infrastructure.
– Enables the protection of information confidentiality and security by providing strong system support.
– Takes into account and evaluates its employees’ suggestions for improving business processes with technological advancements.
– Keeps electronic communication channels open to all its employees, customers, suppliers, and business partners, facilitating communication.
– Stores the information of its customers, suppliers, business partners, and employees in a secure electronic document archive system; it ensures the security of written information in accordance with legal regulations and obligations.
This policy is implemented within a holistic framework, together with relevant procedures, instructions, and other supporting documents. The policy has been approved by the Board of Directors and is reviewed and updated at least once a year or as deemed necessary.
Date: 31.12.2025
İhlas Gayrimenkul Proje Geliştirme ve Ticaret A.Ş.