Yöntem's Privacy and Data Protection Commitment

Yöntem Research always prioritizes security and data privacy issues for its Clients, Suppliers, Employees and Participants, which it defines as stakeholders. In this context, Yöntem Araştırma complies with the rules of the national and international professional organizations to which it is affiliated(ICC/ESOMAR, TÜAD, WAPOR), the General Data Protection Regulation ("GDPR") prepared by theEuropean Union and entered into force on 25 May 2018, and the requirements of all existing laws and regulations, especially the Personal Data Protection Law (KVKK), regarding the protection of the information of the participants who share their valuable opinions.

Methodology The research was conducted to analyze the impact of IT Security and Information Management policies on ISO 27001 standard and takes a proactive approach to ensure the protection of the personal data of its customers, participants and employees. Yöntem's approach to some of the issues specified by the GDPR can be briefly summarized as follows:

1. Anonymous data and access security (Participants)

Method The research uses anonymization techniques to protect the personal information of the participants during data collection. For this purpose, participant information is used only to monitor the operation process and at this stage, access to this information is not allowed except for field and control teams. In anonymized data, in the absence of explicit consent, answers are never matched with individuals and are not identified with features that may indirectly disclose individuals. In addition to the anonymization of participants' data, their personal data is also protected at the highest security level. The same applies to details such as lists and access information provided by business stakeholders.

2. Employee training

Within the scope of adopting quality processes and creating widespread awareness, Yöntem regularly conducts employee information trainings. Since 2018, GDPR and KVKK-related issues have also been included in the agenda of these trainings, which are conducted regularly every year. Thus, Yöntem supports all employees to work in compliance with GDPR and KVKK policies and ensures their follow-up.

3. Suppliers

Since Yöntem prefers to walk hand in hand with its suppliers among its stakeholders, it works closely when selecting its suppliers and conducting business processes together. Due to this way of working, it conducts the selection of suppliers sensitively and closely monitors the compliance of its suppliers with ISO standards on both professional and security issues. Within this framework, it controls and monitors the compliance of its suppliers with ISO 27001, GDPR and KVKK through the mechanisms it has established. Suppliers cannot share their personal data processing services with any other stakeholder without the approval of Yöntem.