TÜRK KABLO Mamulleri Tevzi Gıda Ticaret A.Ş.
This Personal Data Retention and Disposal Policy (“Policy”), Personal Data Protection Law No. 6698 (KVKK) and the Regulation on the Deletion, Destruction or Anonymization of Personal Data issued based on this law (“Regulation”), the storage and anonymization of personal data As the data controller, TÜRK KABLO Mamulleri Tevzi Gıda Ticaret A. S. Prepared by
Explicit Consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data impossible to associate with an identified or identifiable natural person under any circumstances, even if it is matched with other data,
Unit Cabinets: Cabinets where the physical folders of each unit in the company are kept for their active activities,
Firewall: It is a hardware device that provides security both in the field of mail and the internet in order to prevent attacks from outside the company and to prevent users from being exposed to such attacks. In addition, internet access restrictions are set on this device.
Physical Destruction: The physical destruction of optical media and magnetic media, such as melting, incinerating or pulverizing.
Destruction: Deletion, destruction or anonymization of personal data,
Relevant Person: The real person whose personal data is processed,
Relevant User: Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data,
Law: Law on Protection of Personal Data No. 6698,
Recording Environment: Any environment in which personal data is fully or partially automated or processed by non-automatic means, provided that it is a part of any data recording system,
Personal Data: Any information relating to an identified or identifiable natural person,
Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on their business processes; The inventory they have created by associating the personal data with the purposes of processing, the data category, the transferred recipient group and the data subject group, explaining the maximum period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security,
Deletion of Personal Data: The process of making personal data inaccessible and unusable for the relevant users,
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone,
Sensitive Personal Data: Data about the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data,
Periodic Destruction: The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all of the personal data processing conditions in the law are eliminated,
Company: TÜRK KABLO Mamulleri Tevzi Gıda Ticaret A.Ş.
Regulation: Refers to the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.
In the implementation of this policy, recording media means any environment where personal data is stored. The Company stores the personal data it processes in the following recording environments in accordance with the relevant legislation, especially the Personal Data Protection Law, and by taking the most up-to-date measures regarding data security.
In this context, the recording media in the Company:
a) Personal data of the persons concerned may be processed by the Company for the following purposes:
I. ISTANBUL (CENTER)
II. SAMARA HOTEL
b) In accordance with the Regulation, the personal data of the persons concerned are deleted or destroyed by the Company ex officio or upon request, in the following cases:
a. Changing or repealing the provisions of the relevant legislation, which is the basis for the processing or storage of personal data
b. The disappearance of the purpose that requires the processing or storage of personal data,
c. Elimination of the conditions requiring the processing of personal data in Articles 5 and 6 of the Law.
D. In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject withdraws his consent,
to. The application made by the data subject regarding the deletion or destruction of his personal data is accepted by the data controller,
f. In cases where the data controller rejects the application made by the data subject with the request for the deletion or destruction of his personal data, if his answer is found to be insufficient or if he does not respond within the time stipulated in the Law, a complaint is made to the Board and this request is approved by the Board
g. The absence of any conditions justifying the retention of personal data for a longer period of time, even though the maximum period for keeping personal data has passed.
a) Technical Measures:
Network security and application security are provided.
Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
The security of personal data stored in the cloud is ensured.
Access logs are kept regularly.
The authorizations of employees who have a change of job or quit their job in this field are removed.
Current anti-virus systems are used.
Firewalls are used.
Personal data security issues are reported quickly.
Personal data security is monitored.
Log records are kept without user intervention.
Cyber security measures have been taken and their implementation is constantly monitored.
Encryption is done.
b) Administrative Measures
There are disciplinary regulations that include data security provisions for employees.
Training and awareness activities are carried out periodically for employees on data security.
The signed contracts contain data security provisions.
Personal data security policies and procedures have been determined.
Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
Physical environments containing personal data are secured against external risks (fire, flood, etc.).
The security of environments containing personal data is ensured.
Personal data is reduced as much as possible.
Confidentiality commitments are made.
Employees are informed and trained on the law of protection of personal data and the destruction of personal data in accordance with the law.
Personnel who will destroy the Personal data registered in the Personal Data Inventory have been determined.
Personal data storage and destruction activities carried out within the company are audited.
The technical measures taken are reported to the person concerned.
Personnel knowledgeable in technical matters are employed.
a. Methods of Deletion of Personal Data
i. Personal Data in Paper Media: It is deleted using the destruction method. Destruction is done by deforming and rendering unusable the relevant documents and the personal data on the relevant documents in such a way that they cannot be read back with technological solutions.
ii. Office Files on the Central Server: They are deleted with the delete command in the operating system.
b. Personal Data Destruction Methods
i. Personal Data in Local and Environmental Systems: Physical destruction is destroyed by using the appropriate overwriting method.
|Front office manager||Personal Data Retention and Disposal Policy Implementation Officer for Front Office and Reservation Processes and Visitor Records||Ensuring the compliance of the data processed by the department in charge with the storage period in this data laundering and destruction policy and managing the personal data destruction process during periodic destruction periods.|
|Accounting Manager||Accounting Processes Personal Data Retention and Disposal Policy Implementation Officer|
|Director of Human Resources||Human Resources Processes Personal Data Storage and Disposal Specialist|
|IT Specialist||Personal Data Storage and Disposal Responsible for Data Processed Through Information Systems|
|Occupational Physician||Personnel Health Folder Personal Data Retention and Disposal Policy Implementation Officer|
|Job Security Specialist||OHS Processes Personal Data Retention and Disposal Policy Implementation Officer|
|DATA CATEGORY||STORAGE PERIOD||DISPOSAL TIME|
|Other data required to be processed for the establishment or performance of a contract or processed within this scope||10 years from the date of termination of the contract in accordance with the Turkish Code of Obligations||In the first periodic destruction process following the end of the storage period|
|Data processed in order to protect the right in a possible dispute||During the statute of limitations to which the legal relationship is subject||In the first periodic destruction process following the end of the storage period|
|Employee health data and all data processed in accordance with Occupational health and safety legislation||15 years from the date of dismissal in accordance with the Occupational Health and Safety legislation||In the first periodic destruction process following the end of the storage period|
|Data on finance and accounting||10 years (TCC art. 82)||In the first periodic destruction process following the end of the storage period|
|Camera recordings taken to ensure general security||1 month||overwrites|
|Other data for which a special storage period is stipulated in the relevant legislation||During the storage period stipulated in the relevant legislation||In the first periodic destruction process following the end of the storage period|
|Data stored in accordance with tax legislation||5 years||In the first periodic destruction process following the end of the storage period|
|Personal data processed on the basis of consent||Until the person's request for the deletion of their personal data||Within 30 days from the request of the person concerned|
|Log Records||2 years||In the first periodic destruction process following the end of the storage period|
|Visitor book||1 year||In the first periodic destruction process following the end of the storage period|
|Post Survey Forms||1 month||It is destroyed after necessary evaluation.|
Physical and digital data, which have completed the legal storage and destruction periods, are periodically destroyed. The company deletes or destroys personal data in the first periodical destruction process following the date on which the obligation to delete or destroy personal data arises.
Periodic destruction is carried out at 6-month intervals for all personal data.
Transaction records regarding deletion and destruction are kept for 3 years.
The use of these technologies is carried out in accordance with the legislation we are subject to, especially the Personal Data Protection Law No. 6698 ("KVK Law").
The purpose of this Cookie Clarification Text is to inform you about the processing of personal data obtained due to the processing of personal data through the collection of personal data such as cookies and pixels used during the use of the Platforms. In this text, we would like to explain to you which types of cookies we use for what purposes on our site and application and how you can control these cookies.
Cookies are small text files stored on your computer or mobile device when you visit our website. In some cases, we may combine our company or third party Cookies with the personal information you have provided to us or obtained by us, but cookies alone cannot be used to reveal your identity to us. Cookies can be used on the Site to improve your experience.
Your personal data is collected by means of cookies in electronic environment within the scope of your visit to our website, based on the legal reason for the legitimate interest of our Company.
As a company, we may share your personal data within the scope of the Cookie Clarification Text with our suppliers and legally authorized public institutions limited to the realization of the above-mentioned purposes and in accordance with the legislation.
Relevant persons must first apply to the data controller in order to exercise their rights regarding their personal data. KVKK m. According to 14/2, a complaint cannot be filed with the Board without contacting the data controller. By contacting our company, your personal data,
Data Supervisor You Can Apply Under The Provisions Of KVKK
TÜRK KABLO Mamulleri Tevzi Gıda Ticaret A.Ş. (SAMARA HOTEL)