INFORMATION SECURITY POLICY

As Romsis Air Retail Solutions Aviation Retail Solutions Limited Company, within the scope of our field of activity, it is of great importance to: Comply with legal requirements, fulfill the needs and expectations of our customers, suppliers, and third-party stakeholders, ensure access to high-quality, fast, and secure services, enable our employees to access information assets in a timely, accurate, complete, and uninterrupted manner. To protect information belonging to the company, our customers, and third-party stakeholders, our company has decided to establish an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022. The objective of establishing the ISMS is to ensure the confidentiality, integrity, and availability of information by protecting it from all internal or external threats, whether intentional or accidental, and to ensure that our operations are conducted effectively, accurately, swiftly, and securely. Information security is a corporate responsibility aligned with our institutional goals. Roles have been defined, responsibilities assigned, and accountable individuals appointed to ensure the effective functioning of information security processes. These responsibilities cover all units using the IT infrastructure, third parties accessing information systems, and vendors providing technical support to these systems. With the establishment of the ISMS, we aim to identify and assess potential risks across all included areas, mitigate them to an acceptable level through standardized controls, and keep the ISMS active through risk assessment procedures. QUALITY POLICY: As a company, within our field of activity, we are committed to meeting legal requirements, providing services that meet the needs and expectations of our customers, suppliers, and third-party stakeholders, ensuring access to services that are high-quality, fast, and secure, prioritizing customer satisfaction. The Quality Management System is a corporate responsibility aligned with our organizational objectives. Our primary goals are to: maximize customer satisfaction with our products and services, increase effectiveness and efficiency, manage resources efficiently, handle customer feedback effectively, ensure continuous improvement. Roles and responsibilities necessary for the proper functioning of the quality management processes have been clearly defined and assigned. INFORMATION TECHNOLOGY SERVICE MANAGEMENT POLICY: As a company, within our field of activity, we commit to: operating our services in accordance with the ISO 20000-1 Information Technology Service Management standard, continuously improving the effectiveness of the Service Management System and the services provided, ensuring continuity of the IT service infrastructure and operations related to electronic applications, ensuring user and stakeholder satisfaction, prioritizing and meeting customer needs accurately through alignment between service-providing departments, implementing necessary measures to build and maintain an effective IT service management structure, complying with legal requirements, managing risks and opportunities effectively, fulfilling ISO 20000 standard requirements, and continually improving all IT processes. BUSINESS CONTINUITY MANAGEMENT POLICY: As a company, within our field of activity, we aim to: operate in accordance with the ISO 22301 Business Continuity Management System standard, maintain and improve business continuity plans to ensure safety and minimize the impact of emergencies (such as disasters or crises beyond our control), conduct drills to ensure our plans function properly, considering legal obligations, policies, and customer expectations, identify potential risks that could cause service interruptions and implement preventative measures, manage internal and external communications related to business continuity, fulfill the needs of suppliers, customers, shareholders, employees, and legal authorities. Our business continuity plans are developed by taking into account our customers’ expectations, corporate policies, and legal obligations. PERSONAL DATA PROTECTION POLICY: The primary purpose of this Policy is to explain the systems adopted for the lawful processing and protection of personal data by our Company. It aims to provide transparency by informing individuals whose personal data is processed by the Company, including: customers and potential customers, employees and employee candidates, company executives, visitors, employees and officials of partner institutions, third parties. We commit to operating in compliance with the ISO 27701 Personal Data Management System standard, fulfilling legal requirements, managing related risks, and continuously improving personal data protection practices. CUSTOMER SATISFACTION POLICY: The Company adopts a customer-focused approach that: allows customers to easily communicate their demands and complaints, handles these with objectivity, fairness, care, and confidentiality, evaluates them within the bounds of the law and company policy, implements necessary improvements and controls to prevent recurrence, emphasizes transparency in customer relationships, aims to resolve all customer complaints as a core principle. Our customer satisfaction principles: we consider the customer “right” by default and analyze the root cause from this perspective, we investigate every issue presented to us as an opportunity to improve, we align with our customers' expectations for quality service, we aim to establish strong, accurate, clear, and sustainable customer relationships following our product and service delivery. COMPLAINT POLICY: No fees are charged and no profit is gained from handling complaints. Employees involved in the resolution process follow objectivity criteria. The complaint procedure is transparent and accessible to customers. Complaints are handled impartially and fairly. Integrity is prioritized in uncovering the facts of the complaint, and all parties are considered. Customer information is confidential and is not shared with third-party organizations or individuals unless necessary for resolving the complaint. In this context, our company commits to: meeting the requirements of Integrated Management System standards, complying with legal regulations, enabling the implementation of all applicable controls, ensuring the continuous improvement of the established Integrated Management System in line with emerging technologies and new application areas through regular yearly reviews.