Confidentiality and Information Security Agreement (NDA)

This Agreement is entered into between Şimşek Software Bilişim Hizmetleri (hereinafter referred to as the "Contractor") and the natural or legal person with whom a service relationship is established (hereinafter referred to as the "Client"), for the purpose of protecting the confidential information to be shared during the cooperation process. This Agreement is mutual in nature and creates the same obligations for both parties.

1. Definition of Confidential Information

"Confidential Information" covers all kinds of technical and commercial information conveyed by one party to the other party verbally, in writing, electronically or in any other medium, including trade secrets, business plans, financial data, customer lists, software architecture, source codes, design files, project requirements, pricing policies and the strategic decisions of the Parties.

2. Confidentiality Obligations

2.1. Each Party shall use the Confidential Information it receives solely for the purpose of the cooperation under this Agreement and shall not disclose it to third parties.

2.2. Access to Confidential Information shall be limited to employees and subcontractors on a need-to-know basis; these persons shall also be bound by an equivalent confidentiality obligation.

2.3. The Parties shall take reasonable technical and administrative measures to protect Confidential Information against unauthorized access, loss or disclosure.

3. Exceptions

The following information is not subject to the confidentiality obligation:

• Information that is publicly available or becomes publicly available without the fault of the Receiving Party
• Information that the Receiving Party possessed before this Agreement and has documented as such
• Information that the Receiving Party has obtained from third parties through legitimate means
• Information that the Receiving Party has independently developed
• Information disclosed due to the requirement of a competent court or administrative authority (in which case prior written notice is given)

4. Information Security Standards

4.1. The Contractor shall protect the personal and commercial data processed during the project against unauthorized access and shall use encrypted channels in communications.

4.2. Current security patches are applied to the devices and systems used in the project work.

4.3. Project source codes and documents are kept in private repositories; sharing takes place only after authorization.

5. Term of the Agreement

The confidentiality obligation comes into force upon the signing of the Agreement or the start of the cooperation and continues for a further 3 (three) years from the end of the cooperation.

6. Return of Information upon Termination of the Agreement

Upon the termination of the cooperation or at the request of the Receiving Party, all documents, copies and electronic records containing Confidential Information are returned or securely destroyed within 10 (ten) business days; a destruction confirmation document is provided to the other party.

7. Sanctions in the Event of Breach

7.1. In the event of a breach of the confidentiality obligation, the breaching party shall compensate for all damages arising from such breach.

7.2. In cases where it is difficult to determine the material damage due to the nature and scope of the breach, the aggrieved party may claim reasonable compensation without the requirement of concrete proof.

7.3. The right to compensation does not eliminate the other legal obligations of the breaching party.

8. Governing Law

This Agreement is governed by the laws of the Republic of Türkiye. In disputes, the Istanbul Courts have jurisdiction.