1. Purpose
The purpose of this procedure is to ensure that all printed and written content, information technology assets and peripherals used in the acquisition, processing and storage of information are safely destroyed when necessary and in accordance with the Law on the Protection of Personal Data No. 6698.
2. Scope
The procedure covers all personal, commercial data records and business processes.
3. Definitions
Law: Refers to the Law No. 6698 on the "Protection of Personal Data".
Personal Data : Personal data refers to any information relating to an identified or identifiable natural person. The fact that a person is specific or identifiable means that the existing data is associated with a natural person in any way, making that person's identity identifiable.
Blackening : Processes such as scraping, painting, icing all personal data in a way that cannot be associated with an identified or identifiable natural person,
Recording medium : Any medium containing personal data that is fully or partially automated or processed by non-automatic means, provided that it is a part of any data recording system,
Personal data retention and destruction policy : The policy that data controllers take as a basis in determining the maximum period required for the purpose for which personal data is processed and in the process of deletion, destruction and anonymization,
Masking : Processes such as deleting, drawing, painting, starring certain areas of personal data in a way that cannot be associated with a specific or identifiable natural person,
Special Quality Personal Data : Data related to the person's race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, disguise, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric data. datas . and genetic data.
Periodic destruction : It is the deletion, destruction or anonymization process that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the processing conditions of personal data in the law are no longer valid.
4. References
Regulation on the Protection of Personal Data No. 6698, No. 30224, on the Deletion, Destruction or Anonymization of Personal Data dated 28.10.2018
5. Application
5.1. Disposal of Assets
In the event that the purpose factor for the processing of personal data is eliminated, the express consent is withdrawn, or all the conditions for processing personal data in Articles 5 and 6 of the Law are eliminated, or if there is a situation where none of the exceptions in the aforementioned articles can be applied, the processing conditions are eliminated. personal data is deleted by the relevant business unit, taking into account business needs, within the scope of Articles 7, 8, 9 or 10 of the Regulation (Deletion, Destruction or Anonymization of Personal Data), by explaining the reason for the method applied, destroyed or anonymized. However, in case of a finalized court decision, the method of destruction determined by the court decision must be applied.
The information on any device with information recording feature is deleted against unauthorized access and the disk and recording mechanism on the device are physically destroyed. The Media/Device Disposal Report is filled in and signed by the information systems operator. Date, device information, reason for destruction, etc. The destruction process is recorded by entering the information.
Data Deletion Methods
a.
Personal Data in Paper Media: They are deleted by destroying with a paper shredder or by using the blackout method when necessary.
b. Office Files on the Central Server: They are deleted with the delete command in the operating system.
c. Data in Removable Media: It is deleted with the delete command in the operating system.
d. Databases : Relevant rows with data are deleted with database commands.
Methods of Destruction of Assets and Data
a. In Local Systems: De-magnetizing, physical destruction, overwriting is destroyed by using the appropriate method.
b. Environmental Systems:
• Network devices (switches, routers, etc.): Destroyed by appropriate methods specified in item a.
• Flash-based media: It is destroyed by the methods recommended by the relevant manufacturer or by the methods specified in item a.
• Magnetic tape: It is destroyed by demagnetizing or by physical methods such as burning or melting.
• Sim Card and fixed memory cards: They are destroyed by the appropriate methods specified in item a.
• Optical discs: they are destroyed by physical methods such as burning, breaking into small pieces, melting.
• Peripherals with fixed Data Recording Media: They are destroyed by the appropriate methods specified in item a.
c. Printed Media: It is destroyed using paper shredders. Personal data transferred from original paper format to electronic media by scanning are destroyed by appropriate methods according to their environment.
Methods of Anonymization of Personal Data:
At the stage of anonymizing personal data, the appropriate method of making Personal Data Anonymous is used, which is shown in the Guide on Deletion, Destruction or Anonymization of Personal Data published by the Personal Data Protection Authority.
As a result of periodic reviews or when it is determined that the data processing conditions have disappeared at any time, the relevant user or data owner will decide to delete, destroy or anonymize the relevant personal data from the recording medium within its own body in accordance with this policy. In case of hesitation, action will be taken by obtaining the opinion of the relevant data owner business unit.
In the destruction of data, the regulation stating the retention periods published by the General Directorate of State Archives is taken into consideration. The data that are not inconvenient to be destroyed are destroyed after the required time has expired in the unit archive, the institution archive or the state archives.
5.1.1. Destruction of Multi-Stakeholder Data
When it is necessary to take a decision regarding the destruction of personal data with multi-stakeholder data ownership in the Central Information Systems, it is decided to store or delete, destroy or anonymize the data in accordance with this policy, by taking the opinion of the Data Controller Representative.
5.1.2. Destruction of Personal Data Upon Data Owner's Request
When the real person who owns the personal data requests the deletion, destruction or anonymization of his personal data by applying to the University with the "Personal Data Owner Application Form" pursuant to Article 13 of the Law, it is finalized within thirty days at the latest from the application date. Requests for the deletion or destruction of personal data will only be considered if the identity of the person concerned has been identified. The applicant is informed through the methods specified in the application form. If the processing conditions have not been lifted due to legal requirements; It is declared to the data owner that the personal data subject to the request cannot be deleted. The unit where the relevant data is processed examines whether all the conditions for processing personal data have disappeared. If all the processing conditions have disappeared; deletes, destroys or anonymizes the personal data subject to the request within three months at the latest. If all the conditions for processing personal data have been removed and the personal data subject to the request has been transferred to third parties, the unit where the relevant data is processed immediately notifies the third party to which the data is transferred and ensures that the necessary actions are taken within the scope of the Regulation before the third party.
5.2. Periodic Review of Personal Data
All users who process or store personal data and data subject units will review the data recording media they use, within six-month periods at the latest, whether the conditions related to the processing have disappeared. Upon the application of the personal data owner or the notification of a court, the relevant users and units will make this review in the data recording media they use, regardless of the period of periodic inspection. All transactions regarding the deletion, destruction or anonymization of personal data are recorded and these records are kept for at least three years, excluding other legal obligations.
In the deletion, destruction or anonymization of personal data, it is necessary to act in accordance with the general principles of article 4 (Processing of Personal Data) and technical and administrative measures to be taken within the scope of article 12 (Data Security Obligations), provisions of the relevant legislation, Board decisions and court decisions. is being done.
5.3. Storage of Personal Data
The processing times of personal data are specified in the "Personal Data Processing Inventory".
The storage and destruction periods in question will be taken into account in the periodic destruction or on-demand destruction processes. Storage and destruction processes may vary upon the request of the data owner, unless there is a legal obligation.
In order to ensure personal data security, physical security measures such as documents in paper media containing personal data, CD, DVD and USB devices are kept locked when not in use, only authorized personnel can access them and the entrances and exits are monitored by camera. The servers containing the personal data kept in the digital environment are stored in the University system room, with the necessary security measures taken.
Administrative and technical measures taken to ensure the Security of Personal Data are detailed in the Personal Data Protection and Processing Policy.
6. Control
The documents are checked periodically once a year, as they are revised as needed.
All services provided in our store Anadolu Mah. Necip Fazil Cd. Fennes Home, registered at No:163/B Arnavutköy / Istanbul, belongs to our company and is operated by our company.
Due to the nature of the business, our store collects some personal information about the members (such as name-surname, company information, telephone, address or e-mail addresses) by filling out various forms and surveys on membership or our store.
Our company may send campaign information, information about new products, promotional offers to its customers and members in certain periods. Our members can make all kinds of choices about whether or not to receive such information while becoming a member, then change the selection from the account information section after logging in as a member, or make a notification with the link in the information message received.
During the approval process via our store or by e-mail, personal information transmitted to our store electronically by our members will not be disclosed to third parties, except for the purposes and scope determined by the 'User Agreement' we made with our members.
Our company records and uses the IP addresses of its members in order to identify system-related problems and quickly resolve any problems or disputes that may arise regarding the service provided. IP addresses can also be used to identify users in a general way and to gather comprehensive demographic information.
Our company may use the requested information for direct marketing purposes, either by itself or by the people it cooperates with, except for the purposes and scope determined by the Membership Agreement. Personal information can also be used to contact the user when necessary.
Information requested by our company and information provided by the user or information about transactions made through our store; It can be used in various statistical evaluations, database creation and market research without disclosing the identity of our members, outside the scope and purposes determined by the 'Membership Agreement' by our company and its collaborators.
Our company, to keep confidential information strictly private and confidential, to consider it a confidentiality obligation, to ensure and maintain confidentiality, to take all necessary measures and to take all necessary care to prevent all or any part of confidential information from entering the public domain or unauthorized use or disclosure to a third party. commits to show
CREDIT CARD SECURITY
Our company prioritizes the security of credit card holders who shop at our shopping sites. Your credit card information is not stored in any way our system.
When you enter the transaction process, there are two things you need to pay attention to to understand that you are on a secure site. One of them is a key or lock icon on the bottom line of your browser. This indicates that you are on a secure website and all your information is encrypted and protected. This information is only used depending on the sales process and in the direction of your instructions. The information about the credit card used during shopping is encrypted with 128-bit SSL (Secure Sockets Layer) protocol, independent of our shopping sites, and sent to the relevant bank for questioning. If the card availability is approved can be sustained for shopping. Since no information about the card can be viewed and recorded by us, third parties are prevented from using this information under any circumstances.
The reliability of payment/invoice/delivery address information of orders placed online by credit card is audited by our company against Credit Card Fraud. Therefore, the accuracy of financial and address/telephone information must first be confirmed in order for customers who place an order from our shopping site for the first time to reach the supply and delivery stage. In order to control this information, if necessary, the customer who has the credit card or the relevant bank is contacted.
Only you can access and change all the information you provide while becoming a member. If you protect your member login information securely, it is not possible for others to access and change information about you. For this purpose, it is acted within the 128-bit SSL security area during membership transactions. This system is an international encryption standard that cannot be broken.
Internet shopping sites that have an information line or customer service service and specify open address and telephone information are more preferred today. In this way, you can get detailed information about all the issues that come to your mind, and you can get healthier information about the reliability of the company that provides online shopping service.
Link(s): The link(s) that enables access to another website, files, content or from another website to the Website, files and content through the Website.
THIRD PARTY WEBSITES AND APPS
Our store may link to other sites within the website. Our company does not bear any responsibility for the privacy practices and contents of the sites accessed through these links. Advertisements published on the website of our company are distributed to our users through our advertising partners. The Privacy Policy Principles in this agreement are only for the use of our Store and do not cover third party websites.
EXCEPTIONAL CIRCUMSTANCES
In the limited cases specified below, our company may disclose the information of users to third parties, except for the provisions of this 'Privacy Policy'. These cases are limited in number;
1. To comply with the obligations imposed by the laws, Decree-Laws, Regulations, etc., issued by the competent legal authority and in force;
2. In order to fulfill the requirements of the 'Membership Agreement' and other agreements concluded by our store with users and to put them into practice;
3. Requesting information about users for the purpose of conducting an investigation and investigation duly carried out by the competent administrative and judicial authority;
4. In cases where it is necessary to provide information to protect the rights or security of users.
EMAIL SECURITY
Never write your credit card number or password in the e-mails you send to our store's Customer Service regarding any of your orders. Information contained in e-mails can be viewed by third parties. Our company cannot guarantee the security of the information transferred from your e-mails under any circumstances.
You can send an e-mail to [email protected] for any questions and suggestions regarding our privacy policy. You can reach our company's contact information below.
Company Name : Fennes Home
Adress : Anadolu Mah. Necip Fazil Cd. No:163/B Arnavutkoy / Istanbul
Tel : 0850 308 50 14