Data Security Form

Company Name: Aniventi İnovasyon Bilişim ve Teknoloji A.Ş.

Form Date: 01.04.2025

Version: 1.0.0.1

1. Purpose

This form is prepared to document the technical and administrative measures taken to ensure the security of personal data processed by Aniventi Innovation Information and Technology Inc.

2. Scope

This form covers

• All personal data stored or processed within the company
• Data controllers and data processors
• Physical and digital data storage areas

3. Data Security Measures

A. Technical Measures

B. Administrative Measures

No	Description of Measure	Implementation Status	Responsible Unit
1	Employee confidentiality agreements and KVKK trainings	✓	Human Resources
2	Security clauses in contracts with data processors	✓	Legal Department
3	Data breach notification procedures	✓	IT & Legal
4	Physical access controls (locked cabinets, access cards)	✓	General Management

4. Data Breach Notification Process

• Detection: In the event of a data breach, the relevant unit must inform the IT and Legal departments within 24 hours at the latest.

• Response: The IT team activates technical measures to stop the leak and protect the data.

• Notification: In accordance with KVKK and GDPR, affected individuals and the Data Protection Authority (when required) are notified within 72 hours.

5. Responsibilities

• IT Department: Ensures the security of the technical infrastructure.

• Legal Department: Monitors legal compliance.

• Employees: Are obliged to comply with confidentiality policies.

6. Audits and Updates

• This form is reviewed at least once a year or when there are legal changes.

Last review date: 01.01.2025

Prepared by: Ali ÇAĞLAR / IT Department

Approved by: İlker KAYALAR / General Management