PERSONAL DATA STORAGE AND DISPOSAL PROCEDURE

EXPLANATIONS ON STORAGE AND DISPOSAL

by SETO; Personal data belonging to employees of third parties, institutions or organizations that are in contact as employees, employee candidates, visitors and service providers are stored and destroyed in accordance with the Law. In this context, detailed explanations regarding storage and disposal are given below, respectively.

Explanations on Storage;In Article 3 of the Law, the concept of processing personal data is defined, in Article 4 it is stated that the personal data processed should be related to the purpose for which they are processed, limited and measured and should be kept for the period required for the purpose for which they are processed or as stipulated in the relevant legislation. counted. Accordingly, within the framework of SETO activities, personal data is stored for a period of time stipulated in the relevant legislation or suitable for our processing purposes.

 

i) Legal Reasons Requiring Concealment

At SETO, personal data processed within the framework of its activities are kept for the period stipulated in the relevant legislation. In this context, personal data, but not limited to the following;

Law No. 6698 on the Protection of Personal Data,Turkish Code of Obligations No. 6098,

Social Insurance and General Health Insurance Law No. 5510, Law No. 5651 on Regulation of Publications Made on the Internet and Fighting Against Crimes Committed Through These Publications, Law No. 6331 on Occupational Health and Safety, Law No. 4982 on Obtaining Information, Law No. 3071 on Use of the Right to Petition, Labor Law No. 4857, Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Attachments, Regulation on Archive Services

It is stored as long as the storage periods stipulated in the framework of other secondary regulations in force in accordance with these laws. ii) Processing Purposes Requiring Retention SETO stores the personal data it processes within the framework of its activities for the following purposes. Execution of Emergency Management Processes Execution of Information Security Processes Execution of Employee Candidate/Intern/Student Selection and Placement Processes Execution of Employee Candidates Application Processes 

Execution of Employee Satisfaction and Loyalty Processes Fulfilling Employment Contract and Legal Obligations for Employees Execution of Benefits and Benefits Processes for Employees Conducting Audit/Ethical Activities Conducting Training Activities Execution of Access Authorities Conducting Activities in Compliance with the Legislation Conducting Finance and Accounting Works Affiliated to Firm/Product/Service Execution of Processes Providing Physical Space Safety Execution of Appointment Processes Following and Executing Legal Affairs Carrying out Internal Audit/Investigation/Intelligence Activities Conducting Communication Activities Planning Human Resources Processes Execution/Inspection of Business Activities Execution of Occupational Health/Safety Activities Taking and Evaluating Suggestions for Improvement of Business Processes Business Continuity Execution of Provision Activities Execution of Logistics Activities Procurement of Goods/Services With Process Execution of Goods/Services After Sales Support Services Execution of Goods/Services Sales Processes Execution of Goods/Services Production and Operation Processes Carrying out Customer Relationship Management Processes Carrying out Customer Satisfaction Activities Organization and Event Management Carrying out Marketing Analysis Studies Carrying out Performance Evaluation Processes Carrying out Risk Management Processes Execution of Storage and Archive Activities Execution of Contract Processes Execution of Strategic Planning Activities Monitoring of Requests/Complaints Ensuring the Security of Movable Goods and Resources Execution of Supply Chain Management Processes Execution of Wage Policy Execution of Marketing Processes of Products/Services Ensuring the Security of Data Controller Operations Execution of Talent/Career Development Activities Authorized Person, Providing Information to Institutions and Organizations, Conducting Management Activities, Registering Visitors Creation And Tracking

Reasons Requiring Destruction;Personal data; Amendment or repeal of the provisions of the relevant legislation, which are the basis for processing,

 

The disappearance of the purpose requiring its processing or storage,

In cases where the processing of personal data takes place only on the basis of express consent, the person concerned withdraws his explicit consent, SETO accepts the application made by the data subject for the deletion and destruction of personal data within the framework of the rights of the person in accordance with Article 11 of the Law, SETO's personal data by the person concerned. in cases where he rejects the application made to him with a request to be deleted, destroyed or anonymized, finds his answer insufficient or does not respond within the time stipulated in the Law; In cases where a complaint is made to the Board and this request is approved by the Board, the maximum period requiring the storage of personal data has passed, and there is no condition to justify keeping the personal data for a longer period of time, it is deleted, destroyed or ex officio deleted by the SETO upon the request of the person concerned. is destroyed or anonymized.

 

TECHNICAL AND ADMINISTRATIVE MEASURES

Within the framework of adequate measures determined and announced by the Board for special quality personal data, pursuant to Article 12 of the Law and paragraph 4 of Article 6 of the Law, in order to store personal data securely, to prevent unlawful processing and access, and to destroy personal data in accordance with the law. .*……. technical and administrative measures are taken by

 

Technical Measures 

The technical measures taken by SETO regarding the personal data it processes are listed below: Network security and application security are ensured. A closed system network is used for personal data transfers via the network. Key management is implemented. Security measures are taken within the scope of procurement, development and maintenance of information technology systems. The security of personal data stored in the cloud is ensured. There are disciplinary regulations that include data security provisions for employees. An authorization matrix has been created for employees. The authorizations of employees who have a change in duty or quit their job in this field are removed. Current anti-virus systems are used. Firewalls are used. The signed contracts contain data security provisions. Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format. Necessary security measures are taken regarding entry and exit to physical environments containing personal data. The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured. The security of environments containing personal data is ensured. Personal data is reduced as much as possible. Personal data is backed up and the security of the backed up personal data is also ensured. User account management and authorization control system are implemented and these are also followed. Log records are kept without user intervention. Existing risks and threats have been identified. Intrusion detection and prevention systems are used. Encryption is done. Personal data transferred in portable memory, CD and DVD media are encrypted and transferred. Data loss prevention software is used.

​

Administrative Measures

Administrative measures taken by SETO regarding the personal data it processes are listed below: Preventing the illegal processing of personal data, preventing unlawful access to personal data, ensuring the protection of personal data, communication techniques, technical knowledge and skills, Law No. and other relevant legislation and regulations. Confidentiality agreements are signed by the employees regarding the activities carried out by SETO. A disciplinary procedure has been prepared for employees who do not comply with security policies and procedures. Before starting to process personal data, SETO fulfills the obligation to inform the relevant persons. Personal data processing inventory has been prepared. Periodic and random audits are carried out within SETO. Information security trainings are provided for employees. PERSONAL DATA DISPOSAL TECHNIQUES At the end of the period stipulated in the relevant legislation or the storage period required for the purpose for which they are processed, personal data is destroyed by SETO ex officio or upon the application of the relevant person, again in accordance with the provisions of the relevant legislation, with the techniques specified below.

​

Deletion of Personal Data;

Personal data is deleted with the methods given in Table-3.

 

      _cc781905-5cde-3194-bb3b3b-136bad  _cc781905-5cde-3194- ccde-3194cf13631365c5cf3b31994cbdc13653155cf -bb3b-136bad5cf58d_Table 3: Deletion of Personal Data