1.     SECTION 1 – INTRODUCTION

               1.1.   INTRODUCTION

               The  protection  of  personal  data  is  one  of  the  top  priorities  of  Nurol  Holding  Anonim  Şirketi
               (“Company”), which acts with utmost diligence to comply with all existing legislation related to this
               issue. One of the most important pillars in this regard is the Policy for the Protection and Processing of
               the Personal Data of Nurol Holding Anonim Şirketi (“Policy”).

               This Policy describes the approach adopted by the Company to the processing of personal data, as well
               as the fundamental principles adopted to ensure the conformity of the Company’s data processing
               activities with the regulations/provisions stipulated in Personal Data Protection Law Number 6698
               (“Law”), ensuring the necessary transparency within the Company in informing the owners of personal
               data. With full awareness of our responsibility in this regard, your personal data is processed and
               protected in accordance with this Policy.

               1.2.   SCOPE

               This Policy relates to all personal data of persons other than our Company’s employees, which may by
               processed automatically or manually if part of a data logging system.

               Detailed information on the owners of the personal data in question can be found in Annex-1 (“Annex
               1 - Owners of Personal Data”) to this Policy.

               The activities carried out by our Company to protect the personal data of our employees are managed
               in  accordance  with  Nurol  Holding  Anonim  Şirketi’s  Policy  for  the  Protection  and  Processing  of
               Employees’ Personal Data, drafted in line with the principles of this Policy.

               2.     SECTION 2 – GENERAL POINTS PERTAINING TO THE PROCESSING OF PERSONAL DATA

               2.1 Processing of Data in accordance with the Principles Envisaged in the Legislation

                   2.1.1.     Processing of Data in accordance with the Law and the Principle of Good Faith
                   The personal data of individuals is processed in accordance with the principles of trust and good
                   faith, in a manner that ensures that the fundamental rights and freedoms of the personal data
                   owners are not harmed in any way. Accordingly, personal data is processed only to the extent
                   required by, and limited to, our Company’s business activities.

                   2.1.2.     Ensuring that Personal Data is Accurate and Up-to-date when Necessary
                   Our Company takes the necessary measures to ensure that personal data remains accurate and
                   up-to-date  while  being  processed,  and  establishes  the  necessary  mechanisms  to  ensure  the
                   accuracy and currency of personal data at certain time intervals.

                   2.1.3.     Processing Data for Well-Defined, Explicit and Legitimate Purposes
                   Our Company clearly sets out its intentions in processing personal data, and processes such data
                   solely for purposes associated with its business activities.







                                                            1