Our Commitments

Complify recognises that the confidentiality, integrity and availability of information in all forms is critical to its sustainable success and good governance practices and that failure to maintain an adequate level of information security increases the risk of reputational damage as well as financial loss.

This information security policy summarises Complify's approach to Information Security management and sets out the guiding principles and responsibilities for maintaining the security of information systems.

Complify is committed to the installation, implementation, operation, monitoring, review, maintenance and continuous improvement of the Information Security Management System in accordance with the ISO/IEC 27001 Standard in order to ensure the confidentiality, integrity and accessibility of the information it is obliged to protect.

In our company carrying out technology development activities, we are committed to:

• Follow the current legislation related to the activities we carry out.
• Complete all our activities, especially our software development processes, effectively, accurately, quickly and safely.
• Carry out our activities by being aware of the risks on confidentiality, accessibility and integrity in accessing all kinds of information assets belonging to our company, customers, employees, suppliers and business partners.
• Ensure that the information security management system and information security awareness is turned into a corporate culture.
• Ensure the preparation, implementation and testing of the necessary plans to ensure business continuity and service continuity.
• Ensure that the risks to our information assets and processes are assessed and processed in accordance with recognised risk management methodologies.
• Remain in contact with special interest groups in order to benefit from the developing technologies and know-how in our sector.

Complify is aware that the confidentiality, integrity and accessibility of information in all forms play a critical role in its sustainable success and good governance practices and that failure to provide information security at an adequate level will increase the risk of reputational loss as well as financial losses.

Complify is aware that in order to manage the activities related to the products and services it offers effectively and uninterruptedly, it must ensure that critical business processes are maintained in a planned manner and that they are recovered in a timely manner and returned to normal status in a planned manner.

With the Business Continuity Policy, Complify ensures that necessary measures are taken by establishing processes, policies and strategies. It prepares business continuity plans taking into account customer expectations, corporate policies and legal obligations. In order to guarantee the operation of the plans in emergency situations, potential risks are regularly evaluated and drills are carried out for activities that prevent the realisation of risks.

Our company plans, establishes, regularly reviews and improves business continuity in order to manage interruptions in extraordinary situations, prevent system and resource losses and reputational damages, as well as fulfil its legal obligations. We are also committed to:

• Provide services in emergency and extraordinary situations in compliance with minimum service level and recovery time targets.
• Maintain a business continuity management system in compliance with international business continuity standards.
• Maintain a business continuity management structure in compliance with the relevant regulations.
• Return to normal service level within the prescribed periods after emergency and extraordinary situations.

We consider all these issues as a priority and undertake and declare that it is under the responsibility of our company to provide the necessary support for the allocation of the necessary resources.

Complify is aware that the personal data of its employees, suppliers and customers must be protected and secured in accordance with national and international legal legislation and regulations while performing the company's activities.

With our Personal Data Protection Policy, we are committed to:

• Store only minimal data for specified purposes.
• Process personal data only by persons authorised by the data controller, in accordance with the legal purposes specified in the contracts, for the specified period of time, and in accordance with the information classes.
• Ensure the currency of personal data.
• Ensure the security of physical and electronic environments where personal data are stored and processed.
• Ensure the confidentiality and integrity of personal data.
• Act in accordance with the law when data transfer is to be made.

We consider all these issues as a priority and undertake and declare that they are under the responsibility of our company.

As Complify, we are aware that the protection of people, society and the environment is the main priority in our activities and investments in order to support social, environmental and economic sustainability in accordance with fundamental corporate values and ethical standards.

• Together with all our employees, stakeholders and business partners, we carry out commercial activities in compliance with the legislation within the framework of an ethical, transparent and accountable corporate understanding, and we aim to work for a more liveable world and a sustainable future.
• We follow the relevant legislation on corporate governance, apply the mandatory principles, try to implement the non-mandatory principles as much as possible, and explain the reasons for non-compliance with voluntary principles that cannot be complied with.
• We fulfil our social and environmental responsibilities towards the society in all geographies where we operate, in harmonious cooperation with our shareholders, employees, public, non-governmental organisations and other stakeholders.
• We take into account applicable national and international standards, legal regulations and our corporate commitments while fulfilling these commitments and activities.
• By integrating sustainability into our business model and strategy, we aim to provide competitive advantage in the long term and differentiate ourselves from our competitors with our sustainable business practices.
• We ensure that our employees and stakeholders increase the level of environmental awareness that supports recycling in order to minimise the amount of waste for a sustainable environment.
• Occupational health and safety is one of our main priorities and we ensure that the occupational health and safety culture is sustainable in our activities.
• We provide equal opportunities without discrimination on the basis of gender, language, religion, race, age, etc., we act fairly and respectfully, and we work to improve labour standards.
• We comply with the relevant legislation on the protection of personal data and data security.
• We define the environmental, social and corporate sustainability goals related to our activities and the organisational responsibilities required for the operation of processes to achieve these goals.
• We are committed to continuously updating our sustainability compliance programme by raising awareness of corporate sustainability among our stakeholders.