This destruction policy Pres-san Makina Imalat San. Trade Ltd. Sti. (COMPANY) has been prepared for the purpose of determining the procedures and principles to be applied regarding the deletion, destruction and/or anonymization of personal data in accordance with the Personal Data Protection Law No. 6698 and the relevant legislation.
In this context, our employees, employee candidates and for any reason Pres-san Makina Imalat San. Trade Ltd. Sti. The personal data of all natural persons with personal data are processed in accordance with the law within the framework of the Personal Data Processing and Protection Policy and this Personal Data Storage and Disposal Policy.
DEFINITIONS
|
Data Controller |
The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
|
Related person |
The real person whose personal data is processed, |
|
Destruction |
Deletion, destruction or anonymization of personal data |
|
Law |
Law on Protection of Personal Data No. 6698 published in the Official Gazette dated 07.04.2016 and numbered 29677, |
|
regulation |
Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224 |
|
Board |
Personal Data Protection Board |
|
recording media |
Any environment where personal data is processed wholly or partially automatically or non-automatically, provided that it is a part of any data recording system. |
|
Personal Data Processing and Protection Policy |
https://pres-san.com/ published at, Pres-san Makina Imalat San. Trade Ltd. Sti. the policy that determines the procedures and principles regarding the management of personal data in its possession. |
|
data logging system |
It refers to the recording system in which personal data is processed and structured according to certain criteria. |
ENVIRONMENTS AND SAFETY PRECAUTIONS
ENVIRONMENTS WHERE PERSONAL DATA IS STORED
Pres-san Makina Imalat San. Trade Ltd. Sti. Personal data stored in our company are kept in a suitable recording environment and under conditions suitable for the nature of the data and our legal obligations.
The recording media used for the storage of personal data are generally listed below. However, some data may be kept in a different environment than the ones shown here, due to their special qualities or our legal obligations. Pres-san Makina Imalat San. Trade Ltd. Sti. acts as a data controller in any case and processes and protects it in accordance with the Personal Data Protection Law, the Processing and Protection of Personal Data Policy and this Personal Data Retention and Destruction Policy.
|
Local Printed Media |
They are media where data is kept by printing on paper or microfilms. |
|
Local digital media |
Pres-san Makina Imalat San. Trade Ltd. Sti. It is all digital media such as servers, fixed or portable disks, optical disks. |
|
cloud environments |
Pres-san Makina Imalat San. Trade Ltd. Sti. Although not included in Pres-san Makina Imalat San. Trade Ltd. Sti. are environments where internet-based systems encrypted with cryptographic methods are used. |
SECURING ENVIRONMENTS
Pres-san Makina Imalat San. Trade Ltd. Sti., takes all necessary technical and administrative measures in accordance with the characteristics of the relevant personal data and the environment in which it is kept, in order to keep personal data safe and to prevent unlawful processing and access, and also follows the developments in this regard.
These measures include, but are not limited to, the following administrative and technical measures to the extent that they comply with the nature of the personal data and the environment in which it is kept.
Technical and administrative measures
Pres-san Makina Imalat San. Trade Ltd. Sti. It takes the following technical and administrative measures in accordance with the characteristics of all environments where personal data is stored and the environment in which the data is kept:
|
The security of personal data stored in the cloud is ensured. |
||
|
Training and awareness activities are carried out periodically for employees on data security. |
||
|
Confidentiality commitments are made. |
||
|
The authorizations of employees who have a change of job or quit their job in this field are removed. |
||
|
The signed contracts contain data security provisions. |
|
|
|
Necessary security measures are taken regarding entry and exit from physical environments containing personal data. |
||
|
Physical environments containing personal data are secured against external risks (fire, flood, etc.). |
||
|
The security of environments containing personal data is ensured. |
|
|
|
Personal data is reduced as much as possible. |
|
|
|
Log records are kept without user intervention. |
|
|
|
Protocols and procedures for Special Quality personal data security have been determined and implemented. |
||
|
Data Processing service providers are aware of data security.
|
||
DISPOSAL OF PERSONAL DATA
REASONS FOR STORAGE AND DISPOSAL
Reasons for Storage
Pres-san Makina Imalat San. Trade Ltd. Sti. personal data held in our Law and Personal Data Policy (for the relevant policy https://pres-san.com/ are stored for the purposes and reasons stated herein.
Pres-san Makina Imalat San. Trade Ltd. Sti. Personal data contained in the company are deleted, destroyed or anonymized ex officio in accordance with this destruction policy, upon the request of the person concerned or if the reasons listed in Articles 5 and 6 of the Law are eliminated.
The reasons listed in Articles 5 and 6 of the Law consist of the following:
clearly stipulated in the law,
It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally recognized,
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,
It is mandatory for the data controller to fulfill its legal obligation,
The person concerned has been made public by himself,
Data processing is mandatory for the establishment, exercise or protection of a right,
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,
DISPOSAL METHODS
Pres-san Makina Imalat San. Trade Ltd. Sti. It deletes, destroys or anonymizes the personal data stored in accordance with the Law and the relevant legislation and the Personal Data Processing and Protection Policy, upon the request of the person concerned or within the periods specified in this Personal Data Retention and Disposal Policy, in case the reasons requiring the processing of the data disappear. brings.
Pres-san Makina Imalat San. Trade Ltd. Sti. The most commonly used deletion, destruction and anonymization techniques are listed below:
Deletion Methods
|
Deletion Methods for Personal Data Held in Printed Media |
|
|
Blackout |
Personal data in the printed media are deleted using the blackout method. The blackening process is done by cutting the personal data on the relevant document when possible, and making it invisible by using fixed ink in a way that cannot be returned and read with technological solutions in cases where it is not possible. |
|
Deletion Methods for Personal Data Held in Cloud and Local Digital Environment |
|
|
Secure deletion from software |
Personal data kept in the cloud or local digital environments are deleted with a digital command in a way that cannot be recovered. Data deleted in this way cannot be accessed again. |
Extermination Methods
|
Destruction Methods for Personal Data Held in Printed Media |
|
|
physical destruction |
Documents kept in printed media are destroyed in a way that they cannot be reassembled with document shredders. |
|
Destruction Methods for Personal Data Held in Local Digital Environment |
|
|
physical destruction |
It is the process of physically destroying optical and magnetic media containing personal data, such as melting, burning or pulverizing. Data is rendered inaccessible by processes such as melting, incinerating, pulverizing, or passing through a metal grinder to optical or magnetic media. |
|
De-magnetizing (degauss) |
It is the process of unreadable corruption of the data on the magnetic media by exposing it to a high magnetic field. |
|
overwrite |
Random data consisting of 0s and 1s is written at least seven times on magnetic media and rewritable optical media, preventing reading and recovery of old data. |
|
Destruction Methods for Personal Data Held in the Cloud |
|
|
Secure deletion from software |
Personal data kept in the cloud is irrecoverably deleted by digital command, and when the cloud computing service relationship ends, all copies of encryption keys required to make personal data usable are destroyed. Data deleted in this way cannot be accessed again. |
Anonymization Methods
Anonymization is making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching it with other data.
|
Subtracting variables |
It is the removal of one or more of the direct identifiers included in the personal data of the data subject and which will help to identify the person concerned in any way. This method can be used to anonymize personal data, or it can also be used for deletion of personal data if there is information that is not suitable for the purpose of data processing. |
|
Regional hiding |
It is the process of deleting the information that may be distinctive about the exceptional data in the data table in which the personal data is collected in an anonymous form. |
|
Generalization |
It is the process of bringing together the personal data of many people and turning them into statistical data by removing their distinctive information. |
|
Lower and upper bound coding / Global coding |
For a certain variable, the ranges of that variable are defined and categorized. If the variable does not contain a numeric value, then close data in the variable are categorized. Values within the same category are combined. |
|
Micro-joining |
With this method, all records in the data set are first arranged in a meaningful order, and then the whole set is divided into a certain number of subsets. Then, by taking the average of the value of each subset of the determined variable, the value of that variable of the subset is replaced with the mean value. In this way, since the indirect identifiers in the data will be corrupted, it is difficult to associate the data with the relevant person. |
|
Data hashing and tampering |
Direct or indirect identifiers in personal data are mixed with other values or their relationship with the person concerned is broken and they lose their descriptive qualities. |
STORAGE AND DISPOSAL TIMES
Storage Times
|
DATA OWNER |
DATA CATEGORY |
DATA STORAGE PERIOD |
|
Worker |
Recruitment documents and personal data as a basis for notifications regarding length of service and wages to the Social Security Institution |
10 years from the end of the service contract, Within 180 days after the end of the storage period |
|
Worker |
With the recruitment documents to the Social Security Institution; Personnel data excluding personnel data that is the basis for notifications regarding service period and wages |
10 years from the end of the service contract, Within 180 days after the end of the storage period |
|
Worker |
Data in the Workplace Personal Health File |
15 years from the end of the service contract, Within 180 days after the end of the storage period |
|
Employee Candidate |
Information in the CV and job application form of the Employee Candidate |
It is stored for a maximum of 1 year. Within 180 days after the end of the storage period |
|
Customer |
Customer's name, surname, TCKN contact information, payment information and methods, navigational movements, voice recordings from phone calls, product/service preferences, special day information |
Within 180 days following the expiry of the period stipulated in its own legislation |
|
Customer |
Camera images |
Stored for 2 years |
|
Potential Customer |
Identity information, contact information, financial information etc. obtained during the contract negotiations regarding the establishment of a commercial relationship between the Potential Customer and the Company. informations |
It is stored for 2 years. |
NOTE: If it is arranged for a longer period in accordance with the law and other legislation, or in accordance with the legislation, the statute of limitations, foreclosure period, storage periods, etc. If a longer period is foreseen for the storage period, the periods in the provisions of the legislation are considered as the maximum storage period.
Disposal Times
Pres-san Makina Imalat San. Trade Ltd. Sti. In the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data for which it is responsible in accordance with the Law, other relevant legislation, Personal Data Processing and Protection Policy and this Personal Data Storage and Disposal Policy arises, it deletes, destroys personal data. or make it anonymous.
The person concerned, pursuant to Articles 11 and 13 of the Law Pres-san Makina Imalat San. Trade Ltd. Sti. when he/she requests the deletion or destruction of his/her personal data by applying;
If all the conditions for processing personal data have disappeared; Pres-san Makina Imalat San. Trade Ltd. Sti. deletes, destroys or anonymizes the personal data subject to the request with the appropriate destruction method, explaining the reason within 30 (thirty) days from the day of receipt of the request. Pres-san Makina Imalat San. Trade Ltd. Sti. In order to be deemed to have received the request, the person concerned must have made the request in accordance with the Personal Data Processing and Protection Policy. Pres-san Makina Imalat San. Trade Ltd. Sti. In any case, it informs the person concerned about the transaction.
If all the conditions for processing personal data have not disappeared, this request Pres-san Makina Imalat San. Trade Ltd. Sti.may be rejected by explaining the reason in accordance with the third paragraph of Article 13 of the Law, and the rejection response is notified to the relevant person in writing or by appropriate methods within 30 (thirty) days at the latest.
PERIODIC DISPOSAL
In the event that all the conditions for the processing of personal data in the law are eliminated; Pres-san Makina Imalat San. Trade Ltd. Sti. deletes, destroys or anonymizes the personal data whose processing conditions have been eliminated, through a process to be carried out ex officio at repetitive intervals and specified in this Personal Data Retention and Disposal Policy.
AUDIT OF LEGAL COMPLIANCE OF DISPOSAL
Pres-san Makina Imalat San. Trade Ltd. Sti. It performs the destruction processes, which it performs ex officio, both on request and in periodic destruction processes, in accordance with the Law, other legislation, the Policy on the Processing and Protection of Personal Data and this Personal Data Storage and Disposal Policy.
Pres-san Makina Imalat San. Trade Ltd. Sti. takes a number of administrative and technical measures in order to ensure that the destruction processes are carried out in accordance with these regulations.
Technical and administrative measures
Pres-san Makina Imalat San. Trade Ltd. Sti.;
|
The security of personal data stored in the cloud is ensured. |
||
|
Training and awareness activities are carried out periodically for employees on data security. |
||
|
Confidentiality commitments are made. |
||
|
The authorizations of the employees who have a change of job or quit the job are removed in this field. |
||
|
The signed contracts contain data security provisions. |
|
|
|
Necessary security measures are taken regarding entry and exit from physical environments containing personal data. |
||
|
Physical environments containing personal data are secured against external risks (fire, flood, etc.). |
||
|
The security of environments containing personal data is ensured. |
|
|
|
Personal data is reduced as much as possible. |
|
|
|
Log records are kept without user intervention. |
|
|
|
Protocols and procedures for Special Quality personal data security have been determined and implemented. |
||
|
Data Processing service providers are aware of data security.
|
||
UPDATE AND COMPLIANCE
Pres-san Makina Imalat San. Trade Ltd. Sti. It reserves the right to make changes in the Personal Data Processing and Protection Policy or this Personal Data Retention and Disposal Policy due to the changes made in the law, in accordance with the decisions of the Institution or in line with the developments in the sector or in the field of informatics.
Changes made to this Personal Data Retention and Disposal Policy will be immediately transcribed and the changes will take effect on the date of publication. This Policy is published on our Company's website.