Information Security Policy

INFORMATION SECURITY POLICY

Bordego Electronic Commerce and Marketing Ltd. Ltd. (Getcho) accepts corporate and personal information that belongs to it and its stakeholders as critical assets. All Getcho employees and stakeholders constantly and effectively protect the information systems and physical working spaces that contain corporate information from threats.

The purpose of information security is to ensure the use of any kind of information belonging to Getcho and/or its stakeholders only by authorized persons, being stored fully and accurately, and being ready to use when necessary. In addition, due to the nature of the activities of Getcho , it is aimed to avoid financial and moral damages from security weakness and the potential effects of them.

Irrespective of their positions and responsibilities, all Getcho personnel and the third parties that have access to the information systems and information of Getcho are obliged to abide by the information security policies and procedures determined by Getcho .

Getcho expects from all of its employees and stakeholders to exercise due diligence regarding the following issues:

· Fully complying with the requirements of the Information Security Management System that is established and operated in Getcho ,

· Ensuring the secrecy, integrity, continuous usability and control of the information and information systems belonging to Getcho ,

· Restraining the risks that may arise from Getcho's own information assets being lost, disrupted or misused,

· Informing the Information Security Incident Manager about any kinds of information weaknesses and incidents that are considered to be related with Getcho .

The Department of Information Technologies undertakes the proper use of the policies and procedures defining the information systems activities, as their functional owner. The department managers are responsible in first degree from taking the required measures and supervising the required activities in their respective departments for ensuring the compliance with corporate information security policies and procedures.

The violation of corporate information security policies and procedures are at the same time the violation of ethical codes and may bear disciplinary sanction. The information security violations determined as the result of observation, inspection or denunciation may result in disciplinary sanctions up to termination of employment.

Getcho undertakes to fulfil the applicable conditions related to corporate information security and to constantly improve the Information Security Management System that it maintains.

"Processing the Information Security Management System in accordance with the standard ISO/IEC 27001 will support ensuring the preservation of our reputation and the maintenance of continuity of our enterprise's success. I would like to express my sincere thanks to all Getcho family members for their constant support and conformity to corporate information security."

and/or its stakeholders only by authorized persons, being stored fully and accurately, and being ready to use when necessary. In addition, due to the nature of the activities of Getcho , it is aimed to avoid financial and moral damages from security weakness and the potential effects of them.

Irrespective of their positions and responsibilities, all Getcho personnel and the third parties that have access to the information systems and information of Getcho are obliged to abide by the information security policies and procedures determined by Getcho .

Getcho expects from all of its employees and stakeholders to exercise due diligence regarding the following issues:

· Fully complying with the requirements of the Information Security Management System that is established and operated in Getcho ,

· Ensuring the secrecy, integrity, continuous usability and control of the information and information systems belonging to Getcho ,

· Restraining the risks that may arise from Getcho's own information assets being lost, disrupted or misused,

· Informing the Information Security Incident Manager about any kinds of information weaknesses and incidents that are considered to be related with Getcho .

The Department of Information Technologies undertakes the proper use of the policies and procedures defining the information systems activities, as their functional owner. The department managers are responsible in first degree from taking the required measures and supervising the required activities in their respective departments for ensuring the compliance with corporate information security policies and procedures.

The violation of corporate information security policies and procedures are at the same time the violation of ethical codes and may bear disciplinary sanction. The information security violations determined as the result of observation, inspection or denunciation may result in disciplinary sanctions up to termination of employment.

Getcho undertakes to fulfil the applicable conditions related to corporate information security and to constantly improve the Information Security Management System that it maintains.

"Processing the Information Security Management System in accordance with the standard ISO/IEC 27001 will support ensuring the preservation of our reputation and the maintenance of continuity of our enterprise's success. I would like to express my sincere thanks to all Getcho family members for their constant support and conformity to corporate information security."