Information Security Policy

As Fineo Digital Transformation Inc., it is of great importance to ensure compliance with legal requirements, to provide services that meet the needs and expectations of our customers, suppliers, and third-party stakeholders, and to ensure access to quality, fast, and secure services. It is also critical that our employees access information assets in a timely, accurate, complete, and uninterrupted manner. Our company has decided to establish an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard to protect the information belonging to itself, its customers, and third-party stakeholders.

The purpose of establishing the ISMS is to evaluate information in terms of confidentiality, integrity, and availability, and to protect it from any internal or external threats, whether intentional or accidental. It also ensures that the activities are carried out effectively, accurately, swiftly, and securely. Information security is a corporate responsibility and aligns with our corporate objectives. Roles and responsibilities for ensuring the proper operation of information security processes have been defined and assigned. These responsibilities cover all units using IT infrastructure, third-party users accessing information systems, and suppliers providing technical support. Through the establishment of ISMS, potential risks in all relevant areas are identified, evaluated, and brought to an acceptable level with appropriate controls, and the risk assessment procedure is implemented to keep the ISMS active within the organization.

Quality Policy

In our field of activity, our company is committed to complying with legal requirements and providing services that meet the needs and expectations of customers, suppliers, and third-party stakeholders with quality, speed, and security. Customer satisfaction is of utmost importance. The Quality Management System is a corporate responsibility and aligns with our organizational goals. Our primary objectives are to maximize customer satisfaction, enhance efficiency and effectiveness, manage resources effectively, manage customer feedback efficiently, and ensure continuous improvement. The necessary roles have been defined, responsibilities have been determined, and responsible parties have been assigned for the proper operation of quality management system processes.

Information Technology Service Management Policy

Our company is committed to ensuring that services provided in our field of activity are carried out in compliance with the ISO 20000-1 Information Technology Service Management standard. We aim to continuously improve the effectiveness of the Service Management System and services, ensure the continuity of the IT service infrastructure related to all transactions carried out through our electronic applications, ensure the satisfaction of users and stakeholders receiving IT services, prioritize and meet customer needs correctly, ensure harmony among service-providing departments, and establish a structure in line with IT service management requirements. We also commit to implementing necessary measures, fulfilling legal requirements, effectively managing risks and opportunities, and continuously improving all IT processes in line with ISO 20000.

Business Continuity Management Policy

Our company aims to ensure that all services are carried out in accordance with the ISO 22301 Business Continuity Management System standard. In the event of disasters or emergencies beyond our control, we prioritize safety of life and aim to minimize the impact on our services and activities by keeping our business continuity plans ready and continuously improving them. We conduct drills to ensure our plans work during emergencies, in consideration of legal obligations, our policies, and customer expectations. We identify and analyze possible risks that may cause service interruptions and take precautions accordingly. We manage internal and external communication regarding business continuity and meet the requirements of suppliers, customers, shareholders, employees, and legal authorities. We prepare our business continuity plans by taking into account our customers’ expectations, corporate policies, and legal obligations.

Personal Data Protection Policy

The main purpose of this policy is to provide transparency by explaining the systems adopted by the company in processing and protecting personal data in compliance with the law. This includes informing our customers, potential customers, employees, candidates, company representatives, visitors, employees and representatives of partner institutions, and other third parties whose data is processed by our company. We commit to processing personal data in compliance with the ISO 27701 Privacy Information Management System standard, fulfilling legal requirements, managing relevant risks, and ensuring continuous improvement.

Customer Satisfaction Policy

Our company adopts a customer-centric approach that prioritizes transparency in customer relations. We provide a platform where customers can easily submit their requests and complaints, which are handled objectively, fairly, attentively, and confidentially, in compliance with legal requirements and our company policy. We consider resolving every customer complaint a fundamental principle and continuously implement improvements and controls to prevent recurrence. Our customer satisfaction principles are:

We start by considering the customer to be "right" and examine the complaint from that perspective.

Every issue brought to our attention is an opportunity to improve ourselves.

We foster an understanding that aligns with our customers’ expectations for quality service.

We aim to build strong, accurate, clear, and continuous customer relationships following the provision of our products and services.

Complaint Policy

No fee is charged to customers for the evaluation of complaints, and no profit is gained from the complaint process. Company employees adhere to the principle of objectivity throughout the resolution process. The complaint procedure is open and accessible to customers. Complaints are handled impartially and fairly. Integrity is ensured in uncovering the facts related to the complaint, and all parties involved are considered. The information of the customer submitting the complaint is kept confidential and not shared with third-party institutions or individuals unless necessary for resolving the complaint.

Integrated Management System Commitment

In this context, our company commits to fulfilling the requirements of Integrated Management System standards, complying with legal obligations, enabling the implementation of all applicable controls, and ensuring the continuous improvement of the Integrated Management System with new application areas and advancing technology through regular reviews each year.