As Muradiye Elektrik A.Ş. (“Muradiye Elektrik”, “the Company”), within the framework of Türkiye’s 2056 Net Zero targets, we recognize our responsibility to support our country’s transition to renewable energy and the development of clean energy infrastructure. Through our 100% renewable energy production, micro-generation projects, electric vehicle charging units, and investments in energy storage, we aim to play an active role in Türkiye’s transition to a low-carbon economy. We target achieving net zero emissions from our operations by 2056. In this context, we encourage our entire value chain to reduce carbon emissions.
In addition to our net zero goal, we strive to minimize our impact in other environmental areas. We establish mechanisms to monitor and improve our performance in water management, zero-waste policy and circular economy, biodiversity, and waste management. We value creating positive impacts for the community we are part of, as well as for our internal and external stakeholders. In this regard, we monitor our social performance. We believe that transparency, traceability, and accountability are the most important components of institutionalization. We strengthen our corporate structure within the framework of global principles and share our performance with all stakeholders. In this direction, we have prepared our Sustainability Policy to declare the fundamental sustainability principles that guide our activities.
1. PURPOSE
This policy has been created to ensure that Muradiye Elektrik’s business model, all activities, and processes align with the company’s sustainability strategy; that environmental, social, and economic sustainability, along with corporate governance, are considered in all company activities; and that the company’s sustainability goals, objectives, expectations, and performance criteria are understood by all stakeholders.
2. SCOPE
The Sustainability Policy covers, - All managers and employees of Muradiye Elektrik A.Ş. and its subsidiaries, - If applicable, the Company’s overseas liaison offices and their employees, - Companies from which we procure goods and services and their employees, as well as external service providers, including consultants, lawyers, advisors, and external auditors acting on behalf of the Company, - Other parties with whom the Company maintains commercial relationships, including customers.
3. IMPLEMENTATION
As Muradiye Enertürk, - To ensure that environmental, social, and economic sustainability, along with corporate governance principles, are observed in all our activities, - To expand the geographic scope of Türkiye’s green energy supply by increasing renewable, clean, and green energy installed capacity, - To support the renewable energy transition of industrial enterprises through industrial renewable energy collaborations by leveraging our engineering expertise and industry knowledge, thereby contributing to the green transformation of Turkish industry, - To consider environmental, social, and economic impacts in all our activities and investments, and to take these dimensions into account in business decisions, - To adopt a zero-waste policy, minimize our waste, and develop and implement circular economy solutions, - To regularly monitor and improve our water management performance, - To protect biodiversity, regularly analyze our impact, and take measures to eliminate any negative effects, - To take into account the expectations and priorities of our stakeholders when setting our goals and objectives, - To align our strategy and investments with the United Nations Sustainable Development Goals (SDGs) and contribute to the SDGs and their sub-targets, - To regularly report on the management of our environmental, social, and economic impacts in accordance with international standards and frameworks, - To provide a safe working environment for our employees by monitoring and reporting our occupational health and safety performance, and to implement improvement practices in line with the principle of continuous improvement, - To calculate, monitor, and report greenhouse gas emissions arising from our operations in the context of combating climate change, and to achieve net zero by 2056, - To conduct sustainable supply chain activities and audit our suppliers in this context, - To contribute to the social and economic development of local communities in our areas of operation, prioritizing local employment and procurement, - To adopt the principles of equal opportunity, diversity, and inclusion; and to prevent discrimination based on mental or physical disability, religion, language, race, age, socioeconomic status, or gender, - To provide equal rights and opportunities to all employees in processes such as remuneration, rewards, promotions, and performance evaluations, - To contribute to gender equality, ensure equal opportunities for women in professional life, and increase female employment, - To support youth participation in employment and the development of their skills through education/internship programs, - To respect employees’ rights to representation and collective bargaining; to tolerate no bribery or corruption, as emphasized in the Anti-Bribery and Anti-Corruption Policy; and to comply with all relevant laws and ethical rules, - To adopt and implement the 10 Principles of the United Nations Global Compact, of which we have been a signatory since 2022, - To communicate the Sustainability Policy to all our employees, make it publicly accessible through digital channels, and share it with all stakeholders, - To create platforms that enable internal and external stakeholders to provide feedback and suggestions regarding our environmental, social, and corporate governance performance, - To make sustainability a part of our corporate culture, We accept, declare, and commit to this as our Sustainability Policy.
| Data Category | Data Retention Period | Justification |
|---|---|---|
| Identity | 10 years from the termination of the legal relationship | Law No. 6098 |
| Contact | 10 years from the termination of the legal relationship | Law No. 6563 and related secondary legislation |
| Legal Transaction | 10 years from the termination of the legal relationship | |
| Customer Transaction | 10 years from the termination of the legal relationship | Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502 |
| Transaction Security | 10 Years | |
| Risk Management | 10 Years | |
| Finance | 10 years from the termination of the legal relationship | Law No. 6102, Law No. 213 |
| Visual and Audio Records | 10 Years | Law No. 6563 and related secondary legislation |
VI. Technical and Administrative Measures Taken by Our Company
We present below the measures taken by our company to ensure the security of personal data:
- Network security and application security are ensured. - A closed system network is used for personal data transfers via the network. - Key management is implemented. - Security measures are taken within the scope of procurement, development, and maintenance of information technology systems. - Disciplinary regulations containing data security provisions are in place for employees. - Periodic training and awareness activities on data security are carried out for employees. - An authorization matrix has been established for employees. - Access logs are regularly kept. - Data masking measures are applied when necessary. - Confidentiality agreements are executed. - Authorizations of employees who change positions or leave the job are revoked. - Up-to-date anti-virus systems are used. - Firewalls are used. - Signed contracts contain data security provisions. - Personal data security policies and procedures have been established. - Personal data security issues are reported promptly. - Monitoring of personal data security is carried out. - Necessary security measures are taken for entry and exit to physical environments containing personal data. - Physical environments containing personal data are secured against external risks (fire, flood, etc.). - Security of environments containing personal data is ensured. - Personal data are minimized as much as possible. - Personal data are backed up, and the security of backed-up data is also ensured. - User account management and authorization control systems are applied, and their monitoring is carried out. - Periodic and/or random internal audits are performed and commissioned. - Log records are kept in a way that prevents user intervention. - Current risks and threats are identified. - If special categories of personal data are sent via e-mail, they are always sent in encrypted form using KEP or a corporate e-mail account. - Intrusion detection and prevention systems are used. - Penetration testing is applied. - Cybersecurity measures are taken, and their implementation is continuously monitored. - Encryption is applied. - Data processors are periodically audited regarding data security. - Awareness of data processors regarding data security is ensured.
V. Data Subject’s Rights Under the KVKK
Real persons whose personal data are processed within Muradiye Elektrik have the following rights pursuant to Article 11 of the KVKK:
- To learn whether personal data is being processed, - To request information if personal data has been processed, - To learn the purpose of personal data processing and whether it is used in accordance with the purpose, - To know the third parties, recipients, and categories of recipients to whom personal data are transferred domestically or abroad, - To request the correction of personal data if it is incomplete or incorrectly processed, and to request that such correction be notified to third parties to whom the personal data have been transferred, - Despite being processed in compliance with KVKK and other relevant laws, to request the deletion or destruction of personal data if the reasons requiring its processing cease to exist, or to request the cessation of such processing, and to request that such action be notified to third parties to whom the personal data have been transferred, - To object to any result arising against the person through analysis of processed data exclusively by automated systems, - To claim compensation if personal data is processed unlawfully and the person suffers damage as a result.
If you wish to contact us, provide feedback, or direct your questions within the scope of KVKK, you may complete the Data Controller Application Form under the Law on the Protection of Personal Data, along with identity verification documents:
You may personally apply to the address of Muradiye Elektrik at İlkbahar Mahallesi 610 Sk. No:2, Çankaya, ANKARA, by signing the form during the application and submitting it with identity-verifying documents (ID card, driver’s license, etc.), or send it via notary to the same address, or send the form together with identity-verifying documents via the registered electronic mail (KEP) account muradiyeelektrik@hs02.kep.tr, or if your e-mail address is registered in our systems, to muradiyekvkkbasvuru@enerturk.com.
In this context, please note that written applications regarding the matter can only be accepted following identity verification by us.
Requests of the data subject will be evaluated and concluded as soon as possible, and ultimately within thirty (30) days at the latest, free of charge. In cases where the evaluation and decision-making process incurs an additional cost, the fee determined by the Communiqué on the Principles and Procedures of Application to the Data Controller shall apply. If the data subjects are not satisfied with the response to their application to our company, they may file a complaint with the Personal Data Protection Authority.
Information Security Policy
This policy aims to ensure the business continuity of Muradiye Elektrik Üretim A.Ş. and to minimize damage and risks arising from security breach incidents.
Scope:
This policy covers Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose, including their information security management system, employees, and business functions at relevant locations.
The Information Security Policy is the policy of Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose to ensure the following:
- The confidentiality, integrity, and availability of information belonging to all relevant parties of the mentioned companies are ensured. - All companies maintain an up-to-date asset inventory of their information assets and all assets that process, store, or transmit such information. They conduct risk analyses related to these assets and take measures to minimize these risks. - Confidentiality is ensured by granting access to information only within authorization. - Integrity is ensured by protecting information against unauthorized changes and recording changes made. - Availability is ensured by keeping information accessible to authorized users when needed. - All policies and procedures supporting this policy are applied by each unit. All legal requirements are fulfilled. - Continuous training is provided to all employees to raise awareness about information security. - All information security breaches and suspected situations are reported to relevant parties. Continuous improvement and monitoring are ensured by the relevant parties.
I undertake that the above-mentioned items are supported by management.
Applicability:
All employees of Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose, who have access to or influence over information assets under the information security management system, are responsible for the implementation of this policy and undertake the support of the management of the companies that approve this policy.
Objectives:
1. To determine the value of information assets, understand their vulnerabilities and threats that may put them at risk, and reduce risks to acceptable levels through appropriate risk assessment.
2. To comply with legal requirements through the design, implementation, and maintenance of the Information Security Management System.
3. To protect the institution’s reliability and reputation.
4. To comply with all customer contractual requirements regarding Information Security.
5. To ensure business continuity of the institution.
6. To achieve and maintain compliance with TS ISO IEC 27001.
Continuous Improvement:
All companies within Muradiye Elektrik A.Ş. headquarters and its purpose scope continuously improve the Information Security Management System using audit results, analysis of monitored information security incidents, corrective and preventive actions, and management reviews.
IS Committee Meeting:
As stated in the ISMS Roles and Responsibilities document, meetings are held accordingly.
Responsibilities and Sanctions:
The management of Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose establishes this policy, ensures its implementation, and reviews it. All employees of the relevant companies are responsible for complying with this policy and the supporting procedures and instructions. In case of non-compliance with the policies, procedures, and instructions created under the Information Security Management System, the management will apply one or more sanctions such as warning, reprimand, fine, or termination of contract to the institution’s personnel.
If security and operational policies of Muradiye Elektrik A.Ş. headquarters and its subsidiaries are violated by personnel, necessary disciplinary measures will be taken by the management of the relevant companies. If these violations cause harm to the relevant companies or persons they serve, the management may seek compensation for the damage from the responsible personnel.
Any deliberate action by Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose that endangers the security of information belonging to customers or suppliers is subject to disciplinary and/or legal measures.
The Information Security Manager supports the implementation of this policy through appropriate standards and procedures. The IT Management of Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose updates and ensures the continuity of the ISMS infrastructure. All personnel and contracted suppliers are subject to the Information Security Policy. All personnel are responsible for reporting security incidents and notifying identified vulnerabilities.
Review:
It is aimed to manage in an integrated manner with other management systems applied as ISMS, to protect the reliability and reputation of our brands, and to be an exemplary organization in terms of information security leadership. As the management of Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose, I declare that the implementation of the Information Security Policy, compliance checks with legal regulations, enforcement of necessary sanctions in case of security breaches, continuous improvement, and allocation of necessary resources for the improvement of information security processes are supported by management.
Leadership
The top management of Muradiye Elektrik A.Ş. headquarters and all companies within the scope of its purpose demonstrates leadership and commitment regarding the information security management system by fulfilling the following:
a) Ensuring that the information security policy and objectives are established and aligned with the strategic direction of the organization,
b) Ensuring that the requirements of the information security management system are integrated into the organization’s processes,
c) Ensuring the availability of resources necessary for the information security management system,
ç) Communicating the importance of effective information security management and compliance with the requirements of the information security management system,
d) Ensuring that the intended outputs of the information security management system are achieved,
e) Guiding and supporting individuals to contribute to the effectiveness of the information security management system,
f) Supporting continuous improvement,
g) Supporting other relevant management roles to demonstrate their leadership within their areas of responsibility.