SIGMA ELEKTRIK SAN AND TIC A.Sh. 

 

PERSONAL DATA STORAGE AND DESTRUCTION POLICY

 

ingredients

 

CONTENTS 2

 

INTRODUCTION 3

 

Goal 3

 

Scope 3

 

Definitions 3

 

PRINCIPLES 6

 

EXPLANATIONS ABOUT THE REASONS REQUIRING STORAGE AND DESTRUCTION 6

 

PRINCIPLES RELATED TO STORAGE AND DISPOSAL PERIODS 7

 

PROCEDURES FOR THE STORAGE AND DESTRUCTION OF PERSONAL DATA BY THE COMPANY 8

 

RECORDING MEDIA 8

 

TECHNICAL AND ADMINISTRATIVE MEASURES 9

 

Administrative Measures: 9

 

Technical Measures: 10

 

DISTRIBUTION OF RESPONSIBILITIES AND DUTIES 11

 

PROCEDURES FOR THE DESTRUCTION OF PERSONAL DATA 11

 

Deletion of Personal Data 12

 

Destruction of Personal Data 12

 

Anonymization of Personal Data 13

 

STORAGE AND DISPOSAL PERIODS 13

 

PERIODIC DESTRUCTION PERIOD 14

 

PUBLICATION AND STORAGE OF THE POLICY 14

 

POLICY UPDATE PERIOD 14

 

VALIDITY AND CANCELLATION OF THE POLICY 14

 

OTHER MATTERS 14

 

 

SIGMA ELEKTRIK SAN AND TIC A.Sh. 

 

PERSONAL DATA STORAGE AND DESTRUCTION POLICY

 

entry

 

 

 

 

Purpose

 

 

 

 

Personal Data Storage and Destruction Policy, (“Policy”) SIGMA ELEKTRIK SAN. and tic. A.Sh. 

 

 It has been prepared in order to determine the procedures and principles regarding the works and operations related to the storage and disposal activities carried out by (SIGMA ELEKTRIK). It has been prepared in order to determine the procedures and principles regarding the works and operations related to the storage and disposal activities cIt has been prepared in order to determine the procedures and principles regarding the works and operations related to the storage and disposal activities carried out by (SIGMA ELEKTRIK).

 

 

 

 

As SİGMA, we process personal data belonging to company employees, employee candidates, customers, visitors and other third parties in accordance with the T.C. The Constitution, international conventions, the Law on the Protection of Personal Data numbered 6698 (the “Law”) and other relevant legislation in accordance with the processing and ensuring the effective use of the rights of the persons concerned has determined as a priority.

 

 

 

 

The works and transactions related to the storage and destruction of personal data are carried out in accordance with the Policy prepared by the Company in this direction.

 

 

 

 

Scopee works and transactions related to the storage and destruction of personal data are carried out in accordance with the Policy prepared by the Company in this direction.

 

 

 

 

Scope

 

 

 

 

Personal data belonging to Company employees, employee candidates, service providers, visitors and other third parties are within the scoplated to the storage and destruction of personal data are carried out in accordance with the Policy prepared by the Company in this direction.

 

 

 

 

Scope

 

 

 

 

Personal data belonging to Company employees, employee candidates, service providers, visitors and other third parties are within the scope of this Policy, and this Policy is applied to all recording environments and personal data processing activities owned or managed by the Company in which personal data are processed.

 

 

 

 

Definitions

 

 

 

 

 

 

Abbreviation

 

 

 

Description

 

 

 

 

Recipient Group

 

 

 

 

The category of natural or legal person to whom personal data is transferred by the data controller.

 

 

 

 

Explicit Consent

 

 

 

Related to a specific topic, based on being informed and with free will

 

explained consent.

 

 

 

 

 

Anonymization

 

 

 

 

Even by matching personal data with other data, it becomes impossible to associate personal data with an identifiable or identifiable real person in any way

 

 

 

 

 

 

 

 

 

to be brought.

 

 

 

 

Employee

 

 

 

 

Company personnel

 

 

 

 

 

Electronic Media

 

 

 

 

Environments where personal data can be created, read, modified and written with electronic devices.

 

 

 

 

Non-Electronic Media

 

 

 

 

All written, printed, visual, etc. that are outside the electronic media. other environments.

 

 

 

 

related person

 

 

 

 

The real person whose personal data is processed.

 

 

 

 

 

 

The Relevant User

 

 

 

Except for the person or unit responsible for the technical storage, protection and backup of the data, the authority and instructions received from the data controller or from the data controller within the data controller organization

 

they are the persons who process personal data in accordance with the procedure.

 

 

 

 

Extermination

 

 

 

Deletion, destruction or anonymization of personal data.

 

 

 

 

Law/KVKK

 

 

 

Law No. 6698 on the Protection of Personal Data.

 

 

 

 

 

Recording Media

 

 

 

Personal data processed by means that are fully or partially automatic or by non-automatic means provided that they are part of any data recording system

 

any kind of environment where the data is located.

 

 

 

 

Personal Data

 

 

 

All kinds of information about an identified or identifiable real person.

 

 

 

 

 

 

 

Inventory of Personal Data Processing

 

 

 

 

The inventory in which the data controllers detail the personal data processing activities that they perform depending on their business processes, the purposes of processing the personal data and the legal reason, the data category, the recipient group transferred and the contact group of the data subject, explaining the maximum retention period required for the purposes for which the personal data are processed, the personal data that are projected to be transferred to foreign countries and the measures taken for data security.ntory in which the data controllers detail the personal data processing activities that they perform depending on their business processes, the purposes of processing the personal data and the legal reason, the data category, the recipient group transferred and the contact group of the data subject, explaining the maximum retention period required for the purposes for which the personal data are processed, the personal data that are projected to be transferred to foreign countries and the measures taken for data security.

 

 

 

 

 

 

 

Processing of Personal Data

 

 

 

The acquisition, recording, storage, storage, modification, reorganization, disclosure, transfer, acquisition, acquisition, classification or use of personal data by means that are fully or partially automatic or non-automatic, provided that they are part of any data recording systemThe acquisition, recording, storage, storage, modification, reorganization, disclosure, transfer, acquisition, acquisition, classification or use of personal data by means that are fully or partially automatic or non-automatic, provided that they are part of any data recording system

 

all kinds of operations performed on the data, such as blocking.

 

 

 

 

Deletion of Personal Data

 

 

 

Deletion of personal data means rendering personal data inaccessible and unusable in any way for the Relevant Users.tion of personal data means rendering personal data inaccessible and unusable in any way for the Relev of personal data means rendering personal data inaccessible and unusable in any way for the Relevant Users.

 

 

 

 

 

 

Destruction of Personal Data

 

 

 

The process of making personal data inaccessible, irrevocable and unusable again by no one in any way.

 

 

 

 

 

Assembly

 

 

 

 

Personal Data Protection Board.

 

 

 

 

 

Special Categories of Personal Data

 

 

 

Related to the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs of persons, disguise and clothing, membership of an association, foundation or trade union, health, sexual life, criminal conviction and security measuresRelated to the race, ethnic origin, political thought, philosophRelated to the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs of persons, disguise and clothing, membership of an association, foundation or trade union, health, sexual life, criminal conviction and security measures

 

data with biometrted to the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs of persons, disguise and clothing, membership of an association, foundation or trade union, health, sexual life, criminal conviction and security measures

 

data with biometric and genetic data.

 

 

 

 

 

 

Periodic Destruction

 

 

 

In case all of the conditions for processing personal data contained in the Law disappear, the deletion, destruction or December of personal data will be carried out on your own at recurring intervals specified in the retention and destruction policy.

 

the process of anonymization.

 

 

 

 

 

Politics

 

 

 

 

Policy of Storage and Destruction of Personal Data.

 

 

 

 

 

Processing DataPolicy of Storage and Destruction of Personal Data.

 

 

 

 

 

Processing Data

 

 

 

A natural or legal person who processes personal data on behalf of the data controller baselicy of Storage and Destruction of Personal Data.

 

 

 

 

 

Processing Data

 

 

 

A natural or legal person who processes personal data oe and Destruction of Personal Data.

 

 

 

 

 

Processing Data

 

 

 

A natural or legal person who processes personal data on behalf of the data controller based on the authorolicy of Storage and Destruction of Personal Data.

 

 

 

 

 

Processing Data

 

 

 

A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

 

 

 

 

 

Data Recording System

 

 

 

 

A registration system in which personal data is processed by being structured according to certain criteria.

 

 

 

 

 

 

Data Controller

 

 

 

 

The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

 

 

 

 

 

 

Data Responsibilities Registry Information System

 

 

 

 

An information system that data controllers will use for applying to the Registry and other related transactions related to the Registry, accessible via the Internet, created and managed by the Presidency.

 

 

 

 

 

VERBIS

 

 

 

 

Data Controllers Registry Information System

 

 

 

 

 

 

Regulation

 

 

 

 

Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.

 

 

 

 

 

 

PRINCIPLES

 

 

 

 

SIGMA acts within the framework of the following principles in the storage and destruction of personal data by SIGMA:

 

 

 

 

4 Of the Law on erasure, destruction and anonymization of personal data. with the principles listed in Article 12. which must be taken within the scope of the article and this Policy

 

5.2. Of the Law on erasure, destruction and anonymization of personal data. with the principles listed in Article 12. which must be taken within the scope of the article and this Poli4 Of the Law on erasure, destruction and anonymization of personal data. with the principles listed in Article 12. which must be taken within the scope of the article and this Policy

 

5.2. the technical and administrative measures specified in the article, the provisions of the relevant legislation, the decisions of the Board and this Policy are fully complied with.

 

 

 

 

All transactions related to the deletion, destruction, anonymization of personal data are recorded by the Company and these records are stored for at least 3 years, excluding other legal obligations.

 

 

 

 

Unless a decision to the contrary is taken by the Board, the appropriate method of erasing, destroying or anonymizing personal data is selected by us. However, if requested by the Person Concerned, the appropriate method will be selected by explaining the rationale.ision to the contrnless a decision to the contrary is taken by the Board, the appropriate method of erasing, destroying or anonymizing personal data is selected by us. However, if requested by the Person Concerned, the appropriate method will be selected by explaining the rationale.

 

 

 

 

Articles 5 and 6 of the Law in the event that all of the conditions for processing the personal data contained in the articles disappear, the personal data are deleted, destroyed or anonymized by the Company on your own or upon the request of the Relevant Person. In the event of an application to the Company by the Relevant Person in this regard;

 

 

 

 

The submitted requests are finalized within 30 (thirty) days at the latest and information is provided to the Relevant PersonThe submitted requests are finalized within 30 (thirty) days at the latest and information is provided to the Relevant Person,

 

If the data subject to the request has been transferred to third parties, this Jul-ture is notified The submitted requests are finalized within 30 (thirty) days at the latest and information is provided to the Relevant Person,

 

If the data subject to the request has been transferred to third parties, this Jul-ture is notified to the third party to whom the data has been transferred and the necessary actions are ensured to be taken by the third parties.

 

 

 

 

EXPLANATIONS REGARDING THE REASONS REQUIRING STORAGE AND DESTRUCTION

 

 

 

 

The personal data belonging to the data owners shall be stored by the Company in a secure manner, within the limits specified in the KVKK and other relevant legislation, in accordance with the principles set out in article 4 of the KVKK, 5.1. it is stored in the physical or electronic environments specified in the article, especially within the framework of the following purposes.ta belonging to the data owners shall be stored by the Company in personal data belonging to the data owners shall be stored by the Company in a secure manner, within the limits specified in the KVKK and other relevant legislation, in accordance with the principles set out in article 4 of the KVKK, 5.1. it is stored in the physical or electronic environments specified in the article, especially within the framework of the following purposes.

 

 

 

 

Continuing commercial activities.

 

Planning and execution of employee rights and fringe benefits.

 

To manage customer relations and provide better service to customers.

 

 

To ensure company security.

 

Establishing contact with real/legal persons who have a business relationship with the institution.

 

Storing personal data due to its direct relevance to the establishment and performance of contractsEstablishing contact with real/legal persons who have a business relationship with the institution.

 

Storing personal data due to its direct relevance to the establishment and performance of contracts.

 

Storage of personal data for the establishmenEstablishing contact with real/legal persons who have a business relationship with the institution.

 

Storing personal data due to its direct relevance to the establishment and performance of contracts.

 

Storage of personal data for the establishment, exercise or protection of a right.

 

Storage of personal data is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of individuals.

 

Storage of personal data for the purpose of fulfilling any legal obligations of the Company.

 

The explicit provision of the storage of personal data in the legislation.

 

The obligation of proof as evidence in legal disputes that may arise in the future.The obligation of proof as evidence in legal disputes that may arise in the future.

 

 

 

 

In accordance with the Regulation, in the following cases, the personal data belonging to the dataThe obligation of proof as evidence in legal disputes that may arise in the future.

 

 

 

 

In accordance with the Regulation, in the following cases, the personal data belonging to the data owners are deleted, destroyed or anonymized by the Cohe obligation of proof as evidence in legal disputes that may arise in the future.