OUR TARGETS FOR DATA SECURITY

Today, data security is of vital importance, as it depends on information, technology and systems. We, as Biletix A.Ş., attach importance to the security of the data we possess. A "Data Security Management System" has been established in accordance with the ISO 27001 Standard in order to ensure, control and manage data security in business lines under the responsibility of the Information Systems Department. Managing data security within our company in conformity with the ISO 27001:2013 Standard is of great importance for us to strengthen and maintain our existing position. That our company possesses ISO 27001 certificate both ensures necessary protection of our data and increases our reputation and reliability in the customers' eyes. At the same time, we carry out our activities in accordance with the "Global Security Policy" published by Live Nation Entertainment. In this context, we, as the management, undertake to all relevant parties that we would implement the "Data Security Management System" as an indispensable part of our corporate culture and continuously improve it.

By means of these works and activities, we hereby fundamentally commit and undertake:

• To protect the credibility of our corporation and the image of the authority it represents,
• To ensure confidentiality, accessibility and integrity of any data produced within the scope of our corporation's ticket sales services,
• To Identify and protect personal data against third parties in order to comply with the legislation published and to be published within the scope of the "Personal Data Protection Law", and destroy the same by deleting it from the relevant media at the completion of the term,
• To determine roles and responsibilities for the operation and continuity of our Data Security Management System,
• To set targets specific for our Data Security Management System and evaluate their conformity from time to time,
• To allocate necessary resources to increase the competence of our employees and plan training programs in order to meet the requirements of our Data Security Management System and operate it efficiently,
• To ensure compliance as set forth in contracts with the third parties,
• To ensure that the basic and supporting business activities of the corporation continue with minimum interruption,
• To increase the data security awareness of all our employees,
• To fulfill the liabilities and obligations required by laws and contracts regarding data security,
• To internalize data security concepts by writing and publishing all policies regarding data security and by complying with the global policies published by Live Nation Entertainment, to which our company is affiliated, and act in accordance with these policies and procedures while fulfilling our data security duties and responsibilities, comply with Live Nation Entertainment global and Biletix local policies diligently to the same extent,

It is the responsibility of all our employees to protect our data assets and business processes against various risks and possible damages. In order to fulfill such responsibility properly, it is quite important for us to fulfill the duties related to the requirements of the ISO 27001 Certificate duly and timely, to attend the planned awareness trainings and to act in accordance with the same.