Menu
Menu
TABLE OF CONTENTS
III. DESCRIPTION OF STORAGE and DISPOSAL 4………………………………………………………. ……………………………………………………….
VII. PUBLICATION and RETENTION OF the POLICY 12……………………………………………… ………………………………………………
VIII. VIOLATION OF the POLICY and SANCTIONS 12…………………………………………………. ………………………………………………….
This Policy has been prepared by the Data Controller PROCAT in order to determine the procedures and principles to be followed in accordance with Article 7 of the LPPD.
PROCAT undertakes to comply with this Policy and the tools, programs and processes to be applied in accordance with this Policy during the deletion, destruction or anonymization of personal data it contains, which are fully or partially automatic or processed by non-automatic means, provided that they are part of any recording system.
This Policy; Employee, Employee Candidate, Employee Relative, Supplier Official, Supplier Employee, Product or Service Receiver, Potential Product or Service Receiver, Intern, Visitor, Employee Relative, Employee’s Authorized Person in the Old Workplace, Employer, Workplace Physician, Public Official, Institution Official, Reference Person, Receiver and Deliverer Person involved in any process in which PROCAT processes personal data and Other 3. personal data of individuals.
This Policy covers all destruction activities to be carried out by PROCAT on personal data and will be applied as a result of all kinds of destruction requirements.
This Policy will not apply to data that is not personal data.
In the event that new legislation on the subject is published or the relevant legislation is updated, this Policy will be updated in accordance with the relevant legislation and the requirements of the legislation will be complied with.
Description | Description |
Explicit Consent | Consent to a specific subject, based on information and expressed in free will |
PROCAT | Procat Danışmanlık Yazılım Telekomünikasyon Pazarlama Tic. A.Ş. |
Employee | Employees at PROCAT |
Employee Candidate | Persons applying for a job with PROCAT |
Contact Person | Real person whose personal data is processed |
Related User | Persons who process personal data within the data controller organization or in accordance with the authorizations and regulations received from the Data Controller, except for the person or unit responsible for the technical storage, protection and backup of the data |
Disposal | Deletion OR destruction OF personal data |
Recording Media | Any medium in which personal data is fully or partially automated or processed by non-automatic means, provided that it is part of any data recording system |
Personal Data | Any information relating to an identified or identifiable natural person |
Anonymization of Personal Data
| Anonymization of personal data, making personal data impossible to be associated with an identified or identifiable natural person in any way, even if it is paired with other data |
Destruction of Personal Data | Deletion, anonymization or destruction of personal data |
Deletion of Personal Data | Making personal data inaccessible and unusable for the Relevant User in any way |
Destruction of Personal Data | Destruction of personal data, making personal data inaccessible, unrecoverable and unusable by anyone in any way |
Committee | PROCAT Personal Data Protection Committee |
KVKK | Personal Data Protection Law No. 6698 published in the Official Gazette dated 7 April 2016 and numbered 29677 |
KVK Board | Personal Data Protection Board |
Sensitive Personal Data | Biometric and genetic data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures |
Periodic Destruction
| In the event that all the conditions for the processing of personal data in the KVKK are eliminated, the deletion, destruction or anonymization of personal data to be carried out ex officio at repeated intervals specified in the Retention and Destruction Policy |
Policy | PROCAT Personal Data Retention and Destruction Policy |
Instruction | PROCAT Disciplinary Instruction for the Protection of Personal Data |
Product or Service Receiver | Natural or legal persons with a contractual relationship with PROCAT |
Data Recording System | Recording system in which Personal Data is structured and processed according to certain criteria |
Data Controller | Natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system |
Regulation | Regulation on Deletion, Destruction or Anonymization of Personal Data |
By PROCAT; Employee, Employee Candidate, Employee Relative, Supplier Official, Supplier Employee, Product or Service Receiver, Potential Product or Service Receiver, Intern, Visitor, Employee Relative, Employee’s Authorized Person in the Old Workplace, Employer, Workplace Physician, Public Official, Institution Official, Reference Person, Receiver and Deliverer, Person Subject to the News and Other 3. Personal data of individuals are stored and destroyed in accordance with the Law.
In this context, detailed descriptions of storage and disposal are given below, respectively.
In Article 3 of the LPPD, the concept of processing personal data is defined, in Article 4 of the LPPD, it is stated that the personal data processed should be related, limited and proportionate to the purpose for which they are processed and should be kept for the period stipulated in the relevant legislation or for the purpose for which they are processed, and in Articles 5 and 6 of the LPPD, the processing conditions of personal data are listed. Accordingly, within the framework of PROCAT activities, personal data are stored for the period stipulated in the relevant legislation or in accordance with our processing purposes.
Personal data are stored for the retention periods stipulated within the framework of these laws and other secondary regulations in force.
PROCAT stores the personal data it processes within the framework of its activities for the following purposes:
In the event that PROCAT rejects the application made to it by the Data Subject for the deletion, destruction or anonymization of his/her personal data, finds his/her response insufficient or does not respond within the period stipulated in the PPDL;
is deleted, destroyed or ex officio deleted, destroyed or anonymized by PROCAT upon the request of the Relevant Person.
In order to store personal data securely, to prevent unlawful processing and access, and to destroy personal data in accordance with the law, technical and administrative measures are taken by PROCAT within the framework of adequate measures determined and announced by the KVK Board for sensitive personal data in accordance with Article 12 of the KVKK and the fourth paragraph of Article 6 of the KVKK.
At the end of the period stipulated in the relevant legislation or the retention period required for the purpose for which they are processed, personal data shall be destroyed or anonymized by PROCAT ex officio or upon the application of the Relevant Person using the following techniques in accordance with the provisions of the relevant legislation.
Personal data is destroyed by PROCAT or, if deemed necessary, by another third party determined by PROCAT by the methods specified below.
Place in Electronic Media Field Personal Data | Those whose period of time requires storage from personal data in the electronic environment are made inaccessible and unusable in any way for the other Employee (Relevant User), except for the database administrator. |
Location in Physical Environment Field Personal Data | For those who have expired the period that requires storage of personal data kept in the physical environment, it is made inaccessible and unusable in any way for the other Employee, except for the unit manager responsible for the document archive. In addition, blackout is also applied by scratching/painting/wiping so that it cannot be read. |
Available in Paper Media Personal Data Blacking out | In order to prevent the unintended use of personal data or to delete the data requested to be deleted, it is the method of physically cutting the relevant personal data from the document or making it irreversible and not visible by using fixed ink in a way that cannot be read with technological solutions. |
Located on Servers Personal Data | For those whose period requiring storage from the personal data on the servers has expired, the system administrator removes the access authority of the Relevant User and deletes it. |
On Portable Media Personal Data Found | Those that require storage of personal data kept in flash-based storage environments are encrypted by the system administrator and access authority is given only to the system administrator and stored in secure environments with encryption keys. |
Safe by Expert Deleting As | In some cases, he/she may agree with an expert to delete personal data on his/her behalf. In this case, the personal data is securely deleted by the person who is an expert in this field in such a way that it is made inaccessible and unusable for the Relevant User in no way. |
Secure from Software Deleting As | When deleting data processed in fully or partially automated ways and stored in digital environments, methods for deleting the data from the relevant software are used in a way that makes it inaccessible and unusable for the Relevant Users in no way. Deleting the relevant data in the cloud system by giving a deletion command; removing the access right of the Relevant User on the file or directory where the file is located on the central server; deleting the relevant lines in the databases with the database commands or deleting the data in the portable media, that is, in the flash environment, using the appropriate software can be considered within this scope. |
Personal data is destroyed by PROCAT by the methods specified below.
Location in Physical Environment Field Personal Data | Those whose period of time requires the storage of personal data in the paper environment are irreversibly destroyed in paper crushing machines. |
Physical Destruction | Personal data may also be processed in non-automatic ways, provided that it is part of any data recording system. while destroying the data, the system of physical destruction of personal data in a way that cannot be used later is applied. The destruction of data in the paper environment should also be carried out in this way, as it is not possible to destroy them in any other way. |
In Optical / Magnetic Media Personal Data Included | The physical destruction process such as melting, burning or pulverizing the expired ones, which require storage from the personal data in optical media and magnetic media, is applied. In addition, the data on the magnetic media is made unreadable by passing it through a special device and exposing it to a high magnetic field. |
Overwrite | Overwrite method, at least seven over magnetic media and rewritable optical media through special software there is no data that makes it impossible to read and recover old data by typing random data consisting of 0s and 1s is the method of making. |
During the realization of the above-mentioned situations, PROCAT fully complies with the provisions of the LPPD, the Regulation and other relevant legislation in order to ensure data security and takes all necessary administrative and technical measures.
Anonymization of personal data is the process of making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if it is paired with other data.
In order for personal data to be anonymized, it must be made unrelated to an identified or identifiable natural person, even through the use of appropriate techniques in terms of the Recording Media and the relevant field of activity, such as the return of personal data by the data controller or third parties and/or the matching of data with other data.
PROCAT makes a determination by taking into account the legislation in force and the purposes of processing the data subject to the process while determining the storage periods of personal data.
In any case, retention periods are determined in the light of legal obligations and relevant statute of limitations.
Updates can be made by PROCAT on the said storage periods if necessary. In the event that the purpose of data processing disappears, the data is deleted, destroyed or anonymized unless there is another legal reason or basis that allows the data to be kept.
In accordance with Article 11 of the Regulation, PROCAT has determined the periodic destruction period as 6 months. Accordingly, periodic destruction is carried out in June and December each year.
The policy is published in two different media, wet signed (printed paper) and electronic, and is explained on the official website. The printed paper copy is also stored in PROCAT.
In case of violation of this Policy, in accordance with the Instruction; by operating the disciplinary process valid at that time, warning, reprimand, collection of fine can be applied and one or more of the contract termination sanctions can be applied, and legal action can be initiated.
This Policy issued by Procat entered into force on 26.06.2020 and necessary updates will be made in case of renewal of all or certain articles of the Policy.
The initial stage of any project is to understand and analyse the needs of our customers. We propose solutions specific to our customer’s needs and always aim to become a valued and strategic partner.
