During the survey and interview activities conducted under the GDPR Awareness and Preparedness Level Project in the Accommodation Sector (GASCA), we, as GASCA project partners AIFORLIVES GmbH and AYDO YAZILIM Ltd. ("Executors"), will access, collect and process the organizational information ("Organizational Information" or "Information") and personal data of the employees of the participating organization ("Personal Data" or "Data") regarding compliance with the General Data Protection Regulation ("GDPR") of the European Union.

We hereby commit to:

• Not processing or granting access to the Information and Data in a manner that violates the law,

• Taking all necessary technical and administrative measures to ensure an appropriate level of security according to the nature of the information and data,

• Not transferring or disclosing the Information and Data to any third party or exceeding the required number of copies depending on the nature of the work,

• Promptly notifying the Participant of any data breaches that may arise due to the fault or intent of any sub-data processors with whom we share the information and data to perform the work or our employees working in the process,

• Notify the Participant as soon as possible if there is a legally binding request from a judicial authority that requires disclosure of the information and data, provided that there is no legal obstacle to this in the relevant legislation,

• Complying with the decisions and opinions of data protection authorities,

• Not transferring the Information and Data abroad in any way without informing and obtaining explicit consent from the Participant,

• Anonymizing the information and data collected during the survey conducted for the Participant, except for the corporate communication information collected for communication purposes, after the completion of the project process,

• Informing the Participant and obtaining its approval in a verifiable manner if it becomes necessary to transfer the Information and Data to a sub-data processor other than already mentioned ones in our Privacy Policy, according to technical needs,

• Ensuring that such sub-data processors have fulfilled the administrative and technical requirements related to GDPR before transferring the Information and Data to them,

• Abiding by the conditions specified in the commitment and the obligations arising from the laws and GDPR, otherwise being held administratively and criminally responsible for the damage that the Participant may suffer in proportion to the fault rate.