Information Security Policy

1. Purpose and Scope of Information Security, and the Management’s Approach to It

ZER MERKEZİ HİZMETLER VE TİCARET A.Ş. (ZER) sees corporate information as a very valuable asset. Information is crucial for the sustainability of our business activities; therefore it must be protected properly. At ZER, we implement the Information Security Management System (BGYS) ISO 27001 standards to minimize the impact and the number of potential risks posed to corporate information in terms of confidentiality, integrity, and usability.

ZER has adopted the following principles particularly:

  1. Assure confidentiality, integrity, and usability of the data and information systems of ZER,
  2. Assess and systematically manage the risks posed on the information systems,
  3. Meet the requirements of Information Security systems,
  4. Fully adopt the legislation on Information safety,
  5. Improve and maintain Information Safety Management System,
  6. Provide training courses to improve technical and behavioral competency to raise awareness on information safety,
  7. Have the Board of Information Safety prepare and publish other sub procedures linked to these principles.

These information security principles of ZER are binding, and apply to all ZER employees including full time, part time, permanent or contracted personnel that have access to ZER data or business systems irrespective of their business units or geographical locations. Third party service providers and their support personnel who are not included in the aforementioned category but have access to ZER data have to follow other specially designed security instructions and rules which include the general principles of the aforementioned policy.

1. Introduction

1.1 Zer Merkezi Hizmetler ve Tic. A.Ş. (“PROMENA”) provides a B2B e-sourcing platform (“PLATFORM”) which allows web-based and secure business-to-business purchasing activities, negotiations and communications between the buyer company (“BUYER”) and the suppliers (“SUPPLIERS”).

1.2 The PLATFORM includes Request for Information (“RFI”), Request for Quotation (“RFQ”), Request for Proposal (“RFP”) and Reverse / Forward e-Auctions (“e-AUCTION”) events depending on whether the BUYER is looking for information, quotations and proposals for the supply of goods and services or for selling goods or services. BUYER sends out requests to SUPPLIERS for participation, through the secure platform, and SUPPLIERS can access the platform and participate in an Online Negotiation Event (“EVENT”) by submitting Information (“INFO”) or Bids (“BIDS”).

1.3 The BUYER and SUPPLIERS agree to be bound by the following Terms of Service (“TERMS”). Any employees that provide information to PROMENA under these TERMS must have the authority to represent the BUYER or SUPPLIERS.

2. Use of Services

2.1 There are two service models. The models differ from each other as follows:

(a) On-Demand: PROMENA provides the PLATFORM, general know-how on running EVENTs, EVENT consultancy, operational EVENT management and support services. BUYER requests a purchasing EVENT management from PROMENA, PROMENA analyses the EVENT details, prepares a road map for the EVENT and comes to an agreement with the BUYER. BUYER decides all managerial issues like the EVENT format, approved SUPPLIERS and competitive settings. PROMENA is acting as an EVENT consultant. PROMENA users prepare the EVENT in the PLATFORM with respect to BUYER’s decisions. In addition, PROMENA provides additional operational services as training of SUPPLIERS, live EVENT management, reporting and technical support. All the final decisions will be given by the BUYER.

(b) Self-Service: PROMENA provides the PLATFORM and support services. PROMENA creates BUYER company and user accounts. BUYER users decide the EVENT details and manage the EVENTs by themselves. PROMENA will provide technical support to the users of the PLATFORM via e-mail and phone calls.

2.2 In both on-demand and self-service models, BUYER is the decision and policy maker. PROMENA acts as a PLATFORM provider and is not responsible for the communications, agreements and business between BUYER and SUPPLIERS.

2.3 Both service models (separately/jointly) may be used with respect to BUYER needs. The running of the EVENTs are outside the responsibilities of PROMENA. The BUYER who created the EVENT is responsible for the EVENT. For any third party claims arising from the EVENTs, PROMENA will be indemnified by the BUYER.

2.4 BUYER registers to the PLATFORM by filling in the registration form on the PROMENA corporate website. BUYER undertakes that they will write the correct details on the form and will keep them up to date.

2.5 The SUPPLIERS submit INFO and BIDS for the items, services or questions which are defined by the BUYER in the PLATFORM. The BUYER identifies the terms and conditions of the EVENT and the SUPPLIERS who are participating in the EVENTs agree that they can undertake these terms and conditions.

2.6 BUYER reserves the rights to reopen, terminate or cancel the EVENTs. If any SUPPLIER wants to withdraw a BID or withdraw from the EVENT, SUPPLIER should communicate with the BUYER. BUYER has rights to cancel a BID or dismiss a SUPPLIER from an EVENT.

2.7 BUYER will be charged for use of the PLATFORM with respect to the service model and usage frequency. In general, on-demand pricing will be EVENT based and self-service pricing will be based on monthly or yearly payments. SUPPLIERS will not be charged for registration or to participate in EVENTs. The parties may agree upon different terms to overrule this paragraph.

2.8 The users of BUYERs and SUPPLIERS undertake to keep their personal username and password secure and confidential. It is strictly prohibited for log-in details to be shared within or external to an organisation and this may lead to significant risks to all parties. Any damages arising from the breach of confidentiality of login information will be compensated by the party that is responsible for that login information.

2.9 PROMENA is not responsible for the supplied items or services by the SUPPLIERS. PROMENA is not a party to any contract or commercial terms between BUYER and SUPPLIERS. In addition, BUYER undertakes SUPPLIER selection, validation and auditing.

2.10 BUYER will evaluate the BIDS based on price, performance and quality criteria. BUYER is not obliged to award the EVENT to the SUPPLIER who has the lowest BID.

2.11 PROMENA reserves the right to update and change these TERMS from time to time without notice and at its sole discretion. The BUYERs and SUPPLIERS are obliged to check the PROMENA corporate website for the changes.

2.12 We will endeavour to allow uninterrupted access to the PLATFORM, but access to the PLATFORM may be suspended, restricted or terminated at any time because of the nature of the Internet. PROMENA will announce scheduled maintenance periods. PROMENA will also have no liability in respect of any transmissions the Users send through PROMENA and the Users do so entirely at their own risk.

2.13 Whenever there is a dispute on the EVENT time, the PROMENA server time will be the reference. The SUPPLIER should be aware of this and should place their bids according to PROMENA’s server time.

2.14 BUYER consents that PROMENA may use all the relevant data from the activities of the BUYER for marketing purposes. Confidential information will not be published by PROMENA.

2. Employees’ Responsibilities

The purpose of these Information Security principles and this policy is to safeguard, maintain, and manage the confidentiality, integrity, and usability of the company’s sensitive data and business support systems, and the procedures and applications thereof. This means only the authorized personnel shall have access to the sensitive ZER data; the information kept shall be full, accurate, and usable; and the information and the systems shall be accessible and usable when needed. Hence, it is the responsibility of ZER’s employees, including outsourced personnel and trainees, and of dealers and subindustry personnel, to safeguard the sensitive information within ZER while doing their jobs.

All ZER personnel are required to not only keep ZER’s sensitive information and data full, accurate, and usable but also adopt the principles of ZER’s business ethics, and safeguard the confidential information given in ZER Personnel Regulations.

ZER is committed to take the precautions set out in the Privacy Act and be in full compliance with it.

3. Free Trial

3.1 BUYER can register for a free trial period from the corporate website. One or more Promena e-Sourcing Platform services will be available to the BUYER during the free trial period. Before the expiration of the free trial period, BUYER can contact the PROMENA sales team in order to purchase a subscription and continue to use the PLATFORM. Otherwise the BUYER account will expire at the end of the free trial period.

3.2 The data entered by the BUYER during the free trial period will not be deleted from the PLATFORM. After expiration of free trial period, if BUYER decides to purchase a subscription, the data entered in the free trial period will be accessible.

3. Guidance on Policy Handling and Information Safety

The Board of Information Safety shall have the functional responsibility of this policy and all standards, as well as other supporting documentation and trainings, and the board shall also function as an advisory board, and provide guidance to ZER on the implementation of this policy.
The Board of Information Safety shall provide the appropriate training activities on raising the awareness of Information Safety in all employees, and provide guidance on how to handle general information safety issues. When necessary, the board shall support this policy with detailed standards, procedures, and processes, and ensure they are ready to implement when the necessity arises. The board shall also have the responsibility of communicating the requirements of this policy to all employees, permanent or contracted, and contractors of the company.
The chairman of the Board of Information Safety shall have the responsibility of maintaining and preparing a general outline of management, and keeping this policy updated, and shall ensure that the policy and the principles thereof be constantly reviewed so that they will cover the latest changes in the business related threats or the risks the data or the information systems of ZER and its affiliates are exposed to.
In addition to the property and risk updates to cover the recent risks posed on ZER data and properties, the Information Safety policies are reviewed at least once a year. The Information Safety policies are updated with the necessary additions to have control over the new risks or the changes in existing risks. Moreover, any employee of ZER may request the Board of Information Safety to modify or change any policy so that ZER can have more control over data safety when necessary. Such requests are assessed by the Board of Information Safety.

The principles set out in the Information Safety Policy should be followed and implemented parallel with the Personnel Regulations set out by the Human Resources department of ZER. The employees are required to be aware of the company’s Information Safety Policy, and follow the principles thereof.

4. Supervising and Handling the Cases of Compliance or Non-compliance with the Policies

The managers of the units are fully responsible for taking necessary actions to implement the Information Safety Policies and supervising the system.
The Board of Information Safety is responsible for periodically inspecting the compliance with all policies, procedures, and the relevant standards, and reporting their observations to the persons in charge.
Any loss of ZER arising from any breach of the Information Safety Policy, and failure of implementation of the necessary security checks against the risks posed on the company, may result in jurisdiction to be exercised, and the company may claim material compensation for such losses and damages pursuant to the new Turkish Criminal Code. Furthermore, the aforementioned breach is also the violation of the Personnel Regulations of ZER, and this may result in disciplinary action. Any breach of Information Safety Policy observed, detected, or reported may result in disciplinary actions that may be extended further to dismissal, and jurisdiction.
Working collectively to implement this policy will help us protect our sensitive data and reputation, and maintain our business achievements.

4. Support

4.1 Support will be given in the form of e-mail and phone by PROMENA Support Team. This support will cover consultancy on the events for the on-demand users and be in the form of technical support for the self-service users.

4.2 BUYER and SUPPLIER users may always contact the PROMENA Support Team to resolve technical infrastructure and PLATFORM server problems arising during use of the PLATFORM and may report malfunctions. PROMENA shall render assistance service within working hours from 9:00 to 18:00 (GMT+2) in case of all kinds of problems and errors.

4.3 Tutorials and guides will be provided to BUYER and SUPPLIER users with respect to their service models and user roles.

4.4 Required customization and changes shall be evaluated separately; requests leading to significant changes in the system shall be priced separately.

4.5 BUYER and SUPPLIER users will be informed in case of scheduled maintenance and updates of the PLATFORM.

5. Objectives

In order to protect ZER’s reputation, credibility, information property, and to maintain primary and supportive business activities with as little interruption as possible, the ZER Information Safety aims to

  • Ensure sustainable information systems,
  • Raise the level of employees’ knowledge, awareness, and compliance with the safety requirements to the maximum,
  • Ensure full compliance with the agreements entered into with third parties,
  • Minimize the number of cases of violation of information safety, and turn them into learning opportunities,
  • Create, access to and save information in compliance with laws,
  • Implement the latest and the most effective security checks.

All ZER employees are required to support the achievement of these objectives.

5. Fees and Payment

6. Liabilities

6.1 Parties accept and undertake that they shall fulfill the obligations set forth in this agreement in a whole and complete manner. Parties have a right to suspend their obligations in this Agreement or terminate this Agreement in case the failing party does not fulfill or not carry out its obligations.

6.2 BUYER shall let only internal Users (“Internal User”) in his own business domain and SUPPLIERS enter and use the PLATFORM. PROMENA has the right to immediately dismiss any natural person or legal entity that is not an Internal User or SUPPLIER from the PLATFORM and to forbid them to use the PLATFORM. BUYER is responsible for keeping the user accounts of the users confidential and private and he admits not to give and reveal these User Accounts to any third party. BUYER is also responsible for any statement issued and any act or neglect performed during the time in which user accounts of BUYER are used. PROMENA is not in charge of any security breach about to occur because of BUYER’s not keeping the user accounts confidential. BUYER accepts that in case of loss or theft of user accounts or if he believes that privacy of user accounts is breached in any way or if he finds out that the PLATFORM is used or in case of a possibility for them to be used in an unauthorized way, BUYER shall inform PROMENA immediately. PROMENA reserves its right to cancel BUYER’s user accounts with prior notification.

6.3 BUYER gives all permission and authority which are needed for services and activities under this Agreement to be carried out by PROMENA and he admits that PROMENA shall make all necessary and appropriate decisions related to this purpose. BUYER gives right to use and copy his name, logo and brands for the purpose of being put into the PLATFORM by not subjecting PROMENA to any license fee.

6.4 BUYER accepts that he shall not upload any program/data to the PLATFORM (i) encroaching or breaching any third party’s rights including rights of any kind of intellectual property; (ii) including aspersion, insult or threat, contrary to morality and customs or illegal or (iii) viruses, “worms”, “Trojan” or having other harmful features. BUYER accepts not to use the PLATFORM with illegal purposes or to realize this kind of purposes. PROMENA, at its sole discretion, reserves its right to cancel transactions contrary to these provisions and to delete and change EVENT information contrary to these provisions.

7. Confidentiality

8. Property Rights

8.1 All the related rights to the intellectual properties on the PLATFORM belong to PROMENA. This agreement does not give any rights or licenses which are related to the intellectual rights except the rights that the Users have to use in accordance with the nature of the service.

8.2 PROMENA is the owner of all property and disposition rights on PROMENA PLATFORM and PROMENA brands and no provision in this Agreement grants to BUYER the right of property or related rights and interests. BUYER is only granted a non-exclusive and limited right of access to the PLATFORM with the intention of internal using for purchasing activities and including the rights to use these and right valid during the term of this Agreement and nonassignable to others. Unless otherwise agreed, BUYER cannot use the PLATFORM and PROMENA brands or any part of these and he cannot copy, duplicate, forward, expose, distribute, publish, cycle, change, create derivative work from these, he cannot give sub-license, convey, hand over, use for trading or inflict other similar acts. BUYER shall label copies that he takes in authorized amount from the PLATFORM about all necessary PROMENA copyright, commercial brand and other private property rights. BUYER shall not delete, wipe out or cover these labels and put other warning or signs onto them. BUYER shall not let third parties copy, use or expose materials from the PLATFORM.

8.3 PROMENA shall keep the copies of purchase Information, and under the seal of names of BUYER and SUPPLIERS secrecy, shall use these information including copying, distribution, publishing of them and making derivative works from them with the aim of installation and operating of the PLATFORM and for PROMENA’s liabilities and responsibilities related to the services to be carried out and executed.

5. Force Majeure

Any delay or failure in the performance by either party hereunder shall be excused if and to the extent caused by the occurrence of a Force Majeure. For purposes of this Agreement, Force Majeure shall mean a cause or event that is not reasonably foreseeable or otherwise caused by or under the control of the party claiming Force Majeure, including acts of God, fires, floods, explosions, riots, wars, hurricane, sabotage, terrorism, vandalism, accident, restraint of government, governmental acts, injunctions, labor strikes, other than those of PROMENA or its SUPPLIERS, that prevent PROMENA from furnishing the materials or equipment, and other like events that are beyond the reasonable anticipation and control of the party affected thereby, despite such party's reasonable efforts to prevent, avoid, delay, or mitigate the effect of such acts, events or occurrences, and which events or the effects thereof are not attributable to a party's failure to perform its obligations under this Agreement.

10. Termination of the Agreement

10.1.1 BUYER may terminate this agreement when PROMENA makes amendments to these TERMS. However, the BUYER may only use this right when the TERMS are amended fundamentally. Non-fundamental changes shall not constitute ground for termination-without-breach.

10.1.2 PROMENA may terminate this agreement in the event that the BUYER has failed to pay any fees within 15 days of the due date.

10.1.3 PROMENA may terminate any EVENT immediately and ban users from using the PLATFORM when there is a breach of the TERMS.

10.1.4. PROMENA has the right to reject any registration or access to the PLATFORM and to temporarily or indefinitely suspend any registered user. In case of suspension without any justified reason, PROMENA shall refund the fee equal to the remaining time to expiry of the paid period.

10.1.5 PROMENA may modify, temporarily suspend or terminate the PLATFORM at any time without notice.

10.1.6 PROMENA may suspend user accounts at any time without notice should PROMENA believe their username and/or password information has been compromised.

10.2 The BUYER has right to terminate this agreement as long as fees are fully paid.

10.3 On termination of these TERMS, the EVENT and access to the PLATFORM will cease and all information belonging to the other party will be returned or destroyed. Adequate timescales and provision will be made for the returning of data.

11. Law and Jurisdiction

These TERMS will be construed in accordance with and governed by the laws of Republic of Turkey and each party agrees to submit to the exclusive jurisdiction of the courts of Istanbul, Republic of Turkey.

12. Others

12.1 Any change to these TERMS comes into effect immediately. If the PLATFORM is used after the change, this will be considered as an indication of the BUYER’s will to be bound by the new TERMS.

12.2 BUYER cannot assign or transfer any rights or duties without written approval of PROMENA.

12.3 BUYER agrees that the addresses given when registering are the permanent address of the BUYER and any change will be notified to PROMENA, immediately. Otherwise, any notification to this address will be effective.

12.4 No failure or delay by either party to this Agreement in exercising any right, power or privilege under this Agreement shall be deemed as a waiver thereof, and no single or partial exercise thereof shall preclude any other or further exercise thereof or the exercise of any other right, power or privilege. No waiver of any term, provision or condition of this Agreement shall be deemed to be or construed as a further or continuous waiver of such term, provision or condition.

12.5 The Agreement includes the whole agreement reached by the parties and replaces all former written and verbal agreements made between the parties with respect to the Subject Matter of this Agreement.

12.6 If one or several provisions of the Agreement are void or unenforceable, the validity of the remaining provisions respectively the Agreement at large shall remain unaffected. The same shall apply in case this Agreement is incomplete. The clause deemed as void or unenforceable shall be replaced with the closest one to it in TERMS of meaning and aim.