100 SECTION 06 AL-`AQAR HEALTHCARE REIT SUSTAINABILITY STATEMENT Digital Transformation Strategy Installed backup software and data protection software Utilised VPNs to protect network connections Usage of Microsoft 365 cloud storage to protect the data Implemented IT disaster recovery plan, drills, and data recovery tests REGULATORY COMPLIANCE (CONT’D) Regulatory Compliance FY2023 FY2024 FY2025 Incidents of non-compliance with regulations resulting in a fine or penalty; 0 0 0 Incidents of non-compliance with regulations resulting in a warning; 0 0 0 Total monetary value of significant fines 0 0 0 Total number of non-monetary sanctions; 0 0 0 Cases brought through dispute resolution mechanisms. 0 0 0 DATA PRIVACY AND CYBERSECURITY Risk Area Risk Rating Risk Tolerance Level Data privacy & cybersecurity risk is a risk due to the potential loss, unauthorised access, or breach of personal and confidential data. The REIT considers matters related to data privacy and cybersecurity a key concern. Recognising that data breaches may lead to leakage of confidential data, including information key to the REIT’s operations and those of the customer’s private information, the REIT implements numerous measures and safeguards to ensure all data and the REIT’s digital wellbeing remains protected. To solidify the commitment, the REIT has developed the Personal Data Protection (“PDP”) Policy, which is aligned with the Personal Data Protection Act 2010 and outlines the approach to data management and protection, and is aligned with data protection regulations. Among the approaches to data protection, the REIT utilises a User Access Rights Matrix restrict access to sensitive information to authorised personnel, thereby reducing the risk of data leakage and data privacy breaches. In cases of a security or privacy breach, the REIT will deploy the Cyber Security Procedures alongside the Data Recovery Procedures which details established protocols on handling data breach events and protocols for data recovery. Through these initiatives, the REIT did not undergo any instances of data breaches or losses of customer data, showcasing the resilience of the data privacy and cybersecurity controls. As of 2025, there is zero substantiated complaints concerning breaches of customer privacy and losses of customer data. FY2023 FY2024 FY2025 Number of Substantiated complaints concerning breaches of customer privacy and losses of customer data 0 0 0
RkJQdWJsaXNoZXIy NDgzMzc=