DATA BREACH NOTIFICATION FORM
(Pursuant to Law No. 6698 on the Protection of Personal Data)

1. Data Controller Information

Company Name:
PRAMİD İNŞ. MALZ. ISI SİST. SAN. VE TİC. LTD. ŞTİ.

Address:
Agah Efendi Cd. No:15/C Rüzgarlı – Ulus / ANKARA

Telephone:
+90 312 310 55 55 (pbx)

E-mail:
info@pramid.com.tr

2. Date of the Breach and its Discovery

Date of the Data Breach:
[Day/Month/Year]

Date the Breach was Discovered:
[Day/Month/Year]

Date Notified to the Authority:
[Day/Month/Year – Notification must be made within 72 hours]

3. Nature of the Data Breach

The type(s) of breach involved (check all that apply):

  • ☐ Unauthorized acquisition of personal data

  • ☐ Unauthorized access to personal data

  • ☐ Unauthorized transfer of personal data to third parties

  • ☐ Disclosure of data without deletion or anonymization

  • ☐ Data leakage due to a system vulnerability

  • ☐ Loss/theft of physical data storage medium

  • ☐ Other: [Please specify]

4. Categories of Personal Data Affected

Which of the following data categories were affected? (check all that apply):

  • ☐ Identity Information (e.g., name, surname, Turkish ID number)

  • ☐ Contact Information (e.g., address, phone number, email)

  • ☐ Financial Information (e.g., bank account, IBAN, payroll info)

  • ☐ Employment Information (e.g., personnel record, employment history)

  • ☐ Health Data

  • ☐ Criminal Convictions and Security Measures

  • ☐ Visual and Audio Data

  • ☐ Other: [Please specify]

5. Number and Categories of Data Subjects Affected

Estimated Number of Affected Individuals:
[e.g., 250 employees, 120 customers]

Categories of Affected Individuals:

  • ☐ Employees

  • ☐ Customers

  • ☐ Suppliers

  • ☐ Visitors

  • ☐ Other: [Please specify]

6. Possible Consequences of the Breach

  • ☐ Identity theft or fraud

  • ☐ Exposure to illegal use of personal data

  • ☐ Personal security threats

  • ☐ Financial loss

  • ☐ Other: [Please specify if any]

7. Measures Taken or Planned in Response to the Breach

  • ☑ Affected systems were immediately deactivated

  • ☑ An internal investigation/audit has been initiated

  • ☑ Data subjects have been informed via email/SMS

  • ☑ The technical vulnerability causing the breach has been fixed

  • ☑ Corporate cybersecurity protocols have been updated

  • ☑ Legal and criminal procedures have been initiated

8. Method of Notifying Data Subjects

  • ☐ SMS

  • ☐ Email

  • ☐ Telephone

  • ☐ Company Website

  • ☐ Other: [Please specify]

Date of Notification to Data Subjects:
[Day/Month/Year]

9. Attachments

  • ☐ System records/logs related to the breach

  • ☐ Documents evidencing measures taken

  • ☐ Sample of notification provided to data subjects

  • ☐ Other: [Please specify if any]

10. Signature of the Authorized Person

Full Name:
Position:
Date:
Signature: