Goal
The purpose of this policy is Aydoğan Örme Personal Data Storage and Destruction Policy has been prepared in order to determine the procedures and principles regarding the storage and disposal activities carried out in Aydoğan Örme. Aydoğan Knitting; In line with the mission, vision and basic principles determined in the Strategic Plan; Personal data of institution employees, employee candidates, service providers, visitors and other third parties are Constitution, international conventions, Personal Data Protection Law No.6698 (“Law”) and other relevant legislation, and ensuring that the relevant persons exercise their rights effectively has determined it as a priority. Work and transactions regarding the storage and destruction of personal data are carried out in accordance with the Policy prepared by Aydoğan Örme.
Scope
Personal data of Aydoğan Örme employees, employee candidates, service providers, visitors and other third parties are within the scope of this Policy and this Policy is applied to all recording environments and activities related to personal data processing owned by Aydoğan Örme or managed by Aydoğan Örme.
Responsible
All units and employees of Aydoğan Örme are responsible for the proper implementation of the technical and administrative measures taken under the Policy, the training and awareness of the unit employees, their monitoring and continuous auditing, and the prevention of unlawful processing of personal data, the prevention of unlawful access to personal data and It actively supports the responsible units in taking technical and administrative measures to ensure data security in all environments where personal data are processed in order to ensure that the data is stored legally. The titles, units and job descriptions of those involved in the storage and disposal processes of personal data are given in the GPRO / 002 Records Control Procedure.
All managers and employees in Aydoğan Örme are responsible for the implementation of this policy.
Definitions
Recipient Group: The category of natural or legal persons to whom personal data are transferred by the data controller.
Explicit Consent: Consent that is based on information and expressed with free will regarding a specific subject.
Anonymization: Making personal data unrelated to an identified or identifiable natural person under any circumstances, even by matching with other data.
Employee: Aydoğan Örme Personal Data Protection Staff
Electronic Media: Media where personal data can be created, read, changed and written by electronic devices.
Non-Electronic Media: All written, printed, visual and so on. other environments.
Service Provider: Real or legal person providing services within the framework of a specific contract with Protection of Personal Data.
Relevant Person: The real person whose personal data is processed.
Relevant User: Except for the person or unit responsible for the technical storage, protection and backup of the data, the persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller.
Destruction: Deletion, destruction or anonymization of personal data.
Law: Personal Data Protection Law No. 6698.
Recording Media: Any medium that contains personal data that is fully or partially automated or processed non-automatically provided that it is a part of any data recording system.
Personal Data: All kinds of information regarding an identified or identifiable natural person.
Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on the business processes; The inventory that they have created by associating with the data category, the transmitted recipient group and the data subject group of the personal data processing purposes and the legal reason, explaining the maximum retention period required for the purposes for which the personal data is processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security.
Processing of Personal Data: Obtaining, recording, storing, storing, changing, reorganizing, disclosing, transferring, taking over, making available, classifying personal data fully or partially automatically, or by non-automatic means provided that it is part of any data recording system. or any action taken on the data, such as preventing its use.
Board: Personal Data Protection Board
Special Categories of Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures and biometric and their genetic data.
Periodic Destruction: The process of deletion, destruction or anonymization specified in the personal data storage and disposal policy and to be carried out ex officio at repetitive intervals in the event that all the conditions for processing personal data included in the Law are eliminated.
Policy: Personal Data Retention and Destruction Policy
Data Processor: Real or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
Data Recording System: A recording system in which personal data are structured and processed according to certain criteria.
Data Supervisor: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Controllers Registry Information System: The information system that data controllers will use in application to the Registry and in other related transactions, accessible over the internet, created and managed by the Presidency.
VERBİS: Data Controllers Registry Information System
Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017
Application