Headquartered in Akdeniz Mah. Atatürk Cad. No:126/51 Konak / İzmir / TURKEY, PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. operates in the finance sector. PayTR management is committed to ensuring information security, confidentiality and integrity to protect all electronic funds flow and assets throughout the organization.

Information and information security requirements will be in line with corporate objectives. Among the management’s objectives are to employ well-trained, competent personnel who are open to innovation and change, to provide financing that will enable competition with competitors in the sector, and to provide uninterrupted and secure service by hosting sufficient hardware and infrastructure.

In addition, the Company aims to ensure full compliance with sector-related legislation, to closely follow relevant technological developments, and to take preventive actions to improve service quality and prevent problems before they occur while performing daily operational tasks.

In addition, PayTR aims to ensure full compliance with sector-related legislation, closely follow relevant technological developments, and take preventive actions to improve service quality and prevent problems before they occur while performing daily operational tasks. PayTR’s current strategic business plan and risk management framework are ensured through the establishment and maintenance of the ISMS. The risk assessment and risk response plan describes how risks related to information and funds are controlled.

Additional risk assessments may be carried out, where necessary, to identify appropriate controls for specific risks. In particular, business continuity and contingency plans, data backup procedures, virus and hacker avoidance, access control systems and information security breach notification are essential to this policy. Control objectives for each of these areas are supported by documented policies and procedures.

To realize this policy:

All PayTR employees and certain external parties defined in the ISMS are expected to comply with this policy and the ISMS implementing this policy. All staff and certain external parties will receive appropriate training and information. ISMS is subject to continuous systematic evaluation and improvement.

In order to support the ISMS framework and periodically review the security policy, PayTR has established the Information Security Committee, which includes the General Manager, Internal Control and Risk Unit responsible and Technical Unit responsible.

This policy will be reviewed at least once a year to respond to changes in the risk assessment or risk response plan.