1.1 Treda is a B2B company which builds e-marketplaces, whose first achievement is ChemOrbis. ChemOrbis is Turkey's first and sole e-B2B marketplace for chemicals, premiering with plastics, which provides a neutral virtual trading platform and industry related content. Content provided by the member companies includes market prices, market conditions, and market expectations.

ChemOrbis keeps information about member companies, as well as about the auctions which are performed at ChemOrbis web site. Both kinds of information are kept confidential.

ChemOrbis has classified all the information which is provided, created, purchased by the company itself.

Access to information about the members (company information, address, telephone numbers, contact people, e-mail addresses, products, product potentials, supply chain information, auction parties, auction quantity, shipment/ payment terms agreed by the parties) is limited to the ChemOrbis sales and customer support teams.

Access to information about the auctions is open to Treda Business Development, ChemOrbis Customer Support and Sales staff according to the rules set by the auctioneer.

All the Treda and ChemOrbis personnel including the sales and customer support staff are required to sign non-disclosure agreements.

Each ChemOrbis member is provided with an administrator user name and password (passwords are alphanumeric and randomly provided by the system). Passwords are required to be changed as soon as the member logs on the site. The company administrator may add other users in the name of the same company with an operator status. Member companies may enter all the password protected areas on the ChemOrbis site which are; "Marketplace", "Bulletin", "Factors to watch", "Industry News Digest".

Access to information designated as "confidential" will be restricted only to our employees with a need to know.

ChemOrbis may share information with third parties after signing non-disclosure agreements. ChemOrbis collects information from member companies. ChemOrbis classifies this information using series of codes "n, n-1, n-2." this classification will apply without any further changes. However in case ChemOrbis changes how it classifies its member information (which means if ChemOrbis decides to change the classification of the information having "n-1" and / or "n-2" level to "n" level which is to a lower level), then it will e-mail its members to give them the option to change their decision about what they choose to make visible . ChemOrbis has also created appropriate personalities included in that classification for the purpose of describing who has the right to reach what information both inside and outside the company (like employees, member companies or third parties after signing non-disclosure agreements etc.).

When a member company ceases to be a member of ChemOrbis, ChemOrbis changes the status of the former member from "accepted" to the one that is "rejected". Members in rejected status are not displayed in the system anymore, nor can log in to the system by their user names and passwords. ChemOrbis treats all the information about its members equally confidential regardless of the status assigned to the company in the system.

On each business day, ChemOrbis publishes current market news and price reports on its web site http://www.chemorbis.com. These reports include the daily/ weekly/ monthly Polymer and Monomer Price and Analysis Reports.

The ChemOrbis Content Team, which is responsible for compiling these reports, gather the data, which they require, solely through their personal contacts with buyers and sellers in the Turkish chemical and plastics markets and from chemicals and plastics buyers and sellers from around the world, which the Content Team deems to be reliable, honest and acting with good intentions.

The ChemOrbis Content Team gathers the data from both buyers and sellers so that it can cross reference the information, which it compiles.

ChemOrbis does not allow its Content Team to access ChemOrbis' online auctions, which it facilitates via the ChemOrbis e-marketplace, Web application.

When the ChemOrbis Content Team contacts buyers and sellers to gather its data, it identifies itself and advises its contacts that any information they might provide, at any time, to any member of ChemOrbis may be used by the Content Team to provide content on the web site, http://www.chemorbis.com.

ChemOrbis management asserts that in no way does its Content Team try to coerce anyone into providing data for its Market Prices and Analysis nor does the Content Team try to hide the fact that it is collecting data for its Market Prices and Analysis.

As noted in paragraph 1 above, ChemOrbis maintains a web site, http://www.chemorbis.com, on which it publishes current market news and price reports, which include the daily/ weekly/ monthly Polymer and Monomer Price and Analysis Reports. It also facilitates ChemOrbis' online auctions, its e-marketplace. ChemOrbis management asserts that it protects the identities of the buyers and sellers, from whom its Content Team gathers data and the identities of its members who may or may not participate in its online auctions. It protects these identities by enforcing procedures, which ensure that it does not disclose any company names or other identifying information, either via its web sites or by other means, which a user of its web sites or other person might use to infer the source of the price or analysis.

1.2 If you have any questions about our organization or our policies on confidentiality as stated at this site, please contact privacy@treda.com.tr .

Should you feel that there has been a breach to the security of this site please contact ChemOrbis Customer Services Unit immediately.

1.3 ChemOrbis will continue to treat all information about its customers and the auctions on the site confidential as it has been before.

2.1 Treda has a detailed security policy which provides guidelines for site members and the office personnel as well. Members are provided with a user name (they define their own user names) and a password which is randomly chosen by the system, is alphanumeric and required to be changed as soon as the user logs on. Members are responsible for the safety of their user names and passwords. Each company has an administrator user. Administrator users may add operator users to act in the name of the company with lesser degree privileges. Operators may act as administrators as long as they know the authorization codes for some of the tasks, since they cannot reach the full menu they can never be a full fledged administrator.

As part of the security policy, all the information is classified according to the level of security it is assigned. Treda and ChemOrbis personnel can reach information according to the security level set for them.

Physical access is controlled both for the office building and the co-location center which serves ChemOrbis and Treda production servers. In addition to them servers at the office building are kept in an isolated place which is located at the IT department.

Treda security policy is documented defining all the details about the security issues. All the personnel (including the new comers) are required to abide by the rules and regulations set by the company. They accept the rules by signing non-disclosure agreements. Treda security policy is guarded and reviewed by the Treda Security Committee on quarterly basis. TSP document is kept up-to-date and the personnel are informed about the updates. Documented system security objectives, policies, and standards are consistent with system security requirements defined in contractual, legal, and other service level agreements. A complete policy with details regarding access, scripting, updates, and remote access are available for review by qualified personnel. This document is not available to the general public.

2.2 As part of their orientation, the confidentiality and related security policies are reviewed with new employees and the key elements of the policies and their impact on the employee are discussed. The employee must then sign a statement signifying that they have read, understood, and will follow these policies. Each year, as part of their performance review, employees must reconfirm their understanding of and compliance with these policies.

Strong, static passwords are used for systems that do not require a strong identification and authentication mechanism.

2.3 ChemOrbis signs a non-disclosure agreement with the third parties before sharing information as stated in disclosure A1. ChemOrbis may provide information to the third parties as described in categories "n" and "n-1" which are company name, company logo, company type, founding date, city, country, areas of business, products sold - purchased, annual volume. ChemOrbis provides that information for the purposes of adding new trading modules to the existing ChemOrbis model, building new projects for ChemOrbis in part with third parties etc.

3.1 ChemOrbis makes sure that the visitors to the ChemOrbis site use secure session to make their application to be a member company.

3.2 All external users are required to provide a unique user ID and password to enter the marketplace and reach market news provided by ChemOrbis.

Strong, static passwords are used for systems that do not require a strong identification and authentication mechanism.

3.3 In order to update, change or delete (only the administrator and customer support staff can delete operators, administrators cannot be deleted it is possible only in the case of company deletion) user information administrator's user name and password are required. After providing this information in a secure session, the user can proceed to the user profile section for any changes.

3.4 Logical access control procedures (firewalls, routers, and password controls) are maintained by the IT department. These controls are tested on a periodic basis by performing penetration testing from both within the internal network and from the internet.

Remote access is provided to key employees; the system accepts remote calls and verifies the user.

3.5 Idle workstations are timed out after 10 minutes in the office. Access to the corporate IT facilities is limited to authorized employees, other staff or the visitors are required to be assisted by the IT personnel.

3.5.1 During the daily backup routine, the data is secured from both physical and logical access by unauthorized personnel.

During any restoration process, no access is allowed by unauthorized personnel.

3.6 Employees are required to sign a non-disclosure agreement as a routine part of their employment. This agreement prohibits any disclosures of information and other data to which the employee has access to other individuals or entities.

Appropriate access controls are in place that limit access to confidential information based on job function and need.

3.7 Confidential information is protected during transmission by using 128 bit encryption technology (SSL technology).

ChemOrbis web site has a digital certificate that can be checked using features in a standard web browser.

3.8 Treda management routinely evaluates the level of performance it receives from the ISP that hosts the company web site. This evaluation is done by evaluating the security controls the ISP has in place.

3.9 System logs are monitored weekly. Monitoring software is in place that will notify the system administrator via e-mail should any incident be in progress. If an incident occurs, a report is filed within 3 days time for follow up and analysis.

3.10 Employees are required to sign a confidentiality agreement as a routine part of their employment. This agreement prohibits any disclosures of information and other data to which the employee has access to other individuals or entities.

Appropriate access controls are in place that limit access to confidential information based on job function and need.

3.11 Treda out sources technology support or service and transfers data to the out source provider. Treda obtains representation as to the controls that are followed by the out source provider.

3.12 Treda maintains copies of all versions of the confidentiality policy. Treda attorney summarizes the key changes to this policy statement.

Treda pays attention not to make less restrictive changes to its confidentiality policy however; when changes to a less restrictive policy are made, the company attempts to obtain the agreement of its customers to the new policy.

3.13 ChemOrbis tracks the information it has provided to the third parties to make sure it is not given to the other parties or be published (TSP document Appendix D).

4.1 Treda receives support from the third parties for external threat assessment and penetration tests for the production systems on a monthly basis.

In addition group maintains and analyses the server logs.

4.2 Management reviews its disclosed confidentiality policies maintained at the web site on a quarterly basis and evaluates its compliance to these policies. Management makes any changes or needed modifications to the policy or disclosure within five business days of its evaluation.

Laws and regulations that affect the disclosed site confidentiality policy are evaluated and reported on by the corporate attorney at least annually or when new regulations require an update.

Staff meetings are held on a regular basis to address current privacy concerns and their findings are discussed at quarterly management meetings.

The company subscribes to publications and user groups specific to its industry and application in order to receive the most current security information. On a monthly basis the webmaster reports to the CIO any weaknesses perceived in the system. Management reviews this report for follow up and resolution.

4.3 Weekly IT staff meetings are held to address current security concerns and the findings are discussed at quarterly management meetings.

4.4 Security issues are recorded and accumulated in a problem report. Corrective action is noted and monitored by management.