PERSONAL DATA STORAGE AND DISPOSAL POLICY
1. PURPOSE: The purpose of this text is to store personal data that can be kept and stored within the relevant legal entity by the personal data controller and data processor in accordance with Law No. 6698 on the Protection of Personal Data, the Regulation on the Deletion, Destruction or Anonymization of Personal Data and other relevant legislation. It has been prepared for the purpose of arranging the works and activities related to the destruction and destruction of
The storage and destruction of all kinds of personal data to be kept due to the activity of the legal entity will be carried out in accordance with this text.
2. RECORDING MEDIA: Personal data will be kept on the following recording media.
2.1. Electronic Recording Media: Hard Disks, Removable Memory (Flash Disk, etc.), Optical Disks (DVD, etc.), Printers and Copiers, Computer Software, E-mails, Internet Service Providers, Servers and Backup Systems.
2.2. Non-Electronic Recording Media: Handwritten and Edited: Paper, Files, Folders, Written, Printed and Visual Materials and Media.
3. EXPLANATIONS ON STORAGE AND DISPOSAL: Within the scope of the commercial activities carried out by the legal entity, the data of Public Institutions and Organizations, customers, prospective customers, visitors and third parties to whom it provides goods and services is stored and destroyed in accordance with the relevant legislation and necessary reasons, laws and other legislation.
3.1. Explanations on Data Retention: Within the framework of the definition and general principles specified in the Law on the Protection of Personal Data, personal data will be kept in accordance with the following principles, as specified in Articles 3 and 4 of this law: complying with the law and honesty rules; being accurate and up-to-date when necessary; processing for specific, clear and legitimate purposes; being connected, limited and proportional to the purpose for which they are processed; and being kept for the period required by the relevant legislation or for the purpose for which they are processed. Personal data will be kept within the framework of the processing conditions specified in Articles 5 and 6 of the same law, and in accordance with the provisions of other relevant legislation and the purpose of retention.
Legal reasons for data retention are stated below:
- Law No. 6698 on the Protection of Personal Data,
- Turkish Code of Obligations No. 6098,
- Social Insurance and General Health Insurance Law No. 5510,
- Law No. 5651 on Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts,
- Occupational Health and Safety Law No. 6331,
- Labor Law No. 4857,
- Social Services Law No. 2828 Regulation,
- Law No. 6563 on the Regulation of Electronic Commerce,
- Turkish Commercial Code No. 6102,
- Law No. 5651 on Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Publications,
- Tax Procedure Law No. 213,
- Law No. 6356 on Trade Unions and Collective Bargaining,
- Regulation on Commercial Communications and Commercial Electronic Messages, Official Gazette No. 29417.
Personal data is kept for the storage periods stipulated within the framework of other secondary regulations in force in accordance with these laws.
3.1.1. Reasons to Require Storage and Transfer of Personal Data: In accordance with the purpose of establishment of the relevant legal entity and its commercial activities for this purpose,
- Employment and commercial activities: Execution of administrative affairs within the legal entity, planning and performance audits, establishing the financial order, carrying out accounting transactions, statements and accruals, ensuring and inspecting occupational health and safety, and ensuring the safety of the workplace; also the employment, management and communication activities carried out by the legal person, the commercial activities carried out with real and legal persons, and security reasons.
- Obligations brought by the relevant legislation: Your personal data held by our company can be stored and transferred, periodically or non-periodically, if requested by public institutions such as the SSI, Tax Office, Courthouse and Police, or by the relevant institutions. With the Board Decisions, the data can be stored and transferred for the reasons stated above, due to the activities of the legal entity, legal disputes that may occur in the future, the resolution of these disputes and the burden of proof.
3.2. Reasons Requiring Disposal:
- Expiration of the maximum periods for personal data in accordance with the relevant legislation,
- Changes in the above-mentioned legislation or legal entity requirements that will require the storage of personal data,
- If the request of the person concerned is accepted by the relevant legal entity in accordance with Article 11 of the Law on the Protection of Personal Data, or, if the request is rejected, the Board decides to accept the consent,
- In cases where consent is obligatory for the storage of personal data, the consent of the person concerned is withdrawn after the consent is obtained.
In the above-mentioned cases, personal data is deleted, destroyed or anonymized by the legal entity, ex officio or upon the request of the person.
4. ADMINISTRATIVE MEASURES: In accordance with Article 12/1 of Law No. 6698 on the Protection of Personal Data, and within the framework of the other provisions of the relevant legislation and the criteria to be determined by the Board, all kinds of administrative measures necessary for the protection and destruction of personal data and private personal data are taken. In accordance with these measures:
- Trainings are given on the legislation on the protection of personal data, information security and the policy carried out by the legal entity in this regard, and the necessary awareness is provided to the personnel and third parties in contact on this issue.
- Confidentiality agreements are signed by the employees assigned for the access, processing and protection of personal data.
- Access to personal data is limited and controlled according to predefined electronic authorization and access protocols, personnel who have quit or changed their duties are not able to access personal data, and the security of personal data is monitored.
- Disciplinary actions will be applied by the legal entity to employees who violate the methods used and the measures taken for the processing and protection of personal data.
- Periodic and random audits will be carried out in order to monitor the implementation of the decisions taken.
6. PERSONAL DATA DISPOSAL TECHNIQUES:
6.1. Deletion of Personal Data:
6.2. Destruction of Personal Data:
6.3. Anonymization of Personal Data:
7. STORAGE AND DISPOSAL TIMES:
8. PERIODIC DISPOSAL PERIOD: In accordance with Article 11 of the Regulation on the Deletion, Destruction or Anonymization of Personal Data, periodic destruction will be performed every 6 months. Accordingly, periodic destruction will be carried out in our legal entity in April and October each year.
9. THOSE INVOLVED IN PERSONAL DATA STORAGE AND DISPOSAL:
9.1. Data Controller: Geniousoft
9.2. Data Processor and Contact Person:
10. UPDATE: This Policy will be updated as needed.
11. DEFINITIONS OF LEGAL AND TECHNICAL TERMS:
11.1. Legal Definitions:
Recording Media: The general name of the media on which personal data is recorded and stored.
Text: Legal Entity's Personal Data Retention and Disposal Policy Text
Board: Personal Data Protection Board
Related Legislation: In particular, Law No. 6698 on the Protection of Personal Data, the Regulation on the Deletion, Destruction or Anonymization of Personal Data, the Regulation on the Registry of Data Controllers, the decisions to be made by the Board, the provisions of other legislation, and the provisions of secondary and related legislation in accordance with these laws.
Legal Person: The legal person in which the Data Controller operates commercially and legally.
Destruction: Deletion, destruction or anonymization of personal data.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing of Personal Data: Any kind of operation performed on personal data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, by fully or partially automatic means, or by non-automatic means provided that it is a part of any data recording system.
Personal Data Retention and Destruction Policy: The policy on which data controllers base the process of determining the maximum time required for the purpose for which personal data is processed, and the process of deletion, destruction and anonymization.
Periodic Destruction: The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the conditions for processing personal data in the law are eliminated.
Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data.
11.2. Technical Definitions:
Modem: Internet communication device that connects local network and remote networks.
Firewall: A control device containing hardware and software that prevents unauthorized persons from accessing the internal network.
Internet request: Incoming or outgoing requests on or through a web page, ftp page, or other ports.
Office network: A local work network that is encrypted and designed according to security principles so that only employees' network devices cannot connect to other network devices.
Server network: A working network where only information from other networks where servers are located is tightly controlled.
Guest network: A working network where the network devices of outsiders can access the internet and have limited access to the office and server network.
Bridge: The ability of more than one network to be bridged to each other and to switch between each other within certain rules.
Wired network: Working networks where network devices are connected via cable.
Wireless network: Work networks where network devices connect wirelessly.
Connection ports (ports): Ports through which information is moved or queries are created between network devices.
Data area: Hard disk, USB memory and similar storage areas where information is stored.
Secure internet line: Private and secure internet connection line.
Web page: Commercial or special purpose information pages published on the Internet.
Email data: Electronic correspondence, additional files and address information.
Hard Disk: Storage units used by computers and network devices.
Viruswall: A security system consisting of hardware and software against viruses.
Block: The process of preventing unwanted connections and people from entering the electronic network environment.
Network map: Creating a map of the devices in the network to check their status.
Monitoring software: Monitoring devices on the network via ports and collecting information about their status.
12. ENFORCEMENT OF THE POLICY: The policy is deemed to have entered into force after its publication on the website of the legal entity, and a signed copy is retained in accordance with the provisions of the relevant law.