تُستخدم ملفات تعريف الارتباط التقنية لضمان تشغيل موقعنا. للحصول على معلومات مفصلة حول ملفات تعريف الارتباط ، يرجى مراجعة Kaçmazlar Otomotiv Çerez Aydınlatma Metni

كاشمازلار

قيمنا ومبادئنا

نحول الأفكار العظيمة إلى منتجات رائعة. جميع المنتجات
كتالوجات منتجاتنا يمكنك العثور على جميع كتالوجات منتجاتنا هنا جميع الكتالوجات

قيمنا ومبادئنا

KACMAZLAR AUTOMOTIVE TRADE AND INDUSTRY LTD. STI.

PERSONAL DATA STORAGE AND DISPOSAL POLICY

AIM

This policy; It has been prepared in order to determine the procedures and principles regarding the work and transactions regarding the personal data storage and destruction activities carried out by KACMAZLAR Otomotiv Ticaret ve Sanayi Ltd.Sti.

From the date of entry into force of the Law on the Protection of Personal Data No. 6698 (“KVKK” or “Law”), the protection of personal data belonging to all real persons we come into contact with in any way while performing our commercial activities and in this context, the fulfillment of the requirements in the KVKK. We attach great importance to its fulfillment. This Personal Data Retention and Disposal Policy (“Policy”) has been prepared to inform you about the collection, use, sharing, protection, storage and deletion, destruction, anonymization processes and principles of personal data by KACMAZLAR Automotive Trade and Industry Ltd.Sti.

In this Policy, the principles regarding the processing of personal data of data owners by KACMAZLAR Automotive Trade and Industry Ltd.Sti.; TR. Constitution, international conventions, the Law on the Protection of Personal Data No. 6698 (“Law”) and other relevant legislation, and ensuring that the relevant persons use their rights effectively, are given priority in accordance with the order of regulation in the KVKK.

As a Data Controller who is obliged to register in the Registry in accordance with the Regulation, he is obliged to prepare a Policy in order to store the personal data in his possession in accordance with the personal data inventory and to delete, destroy or anonymize when necessary, and to act in accordance with this Policy.

SCOPE

This Policy; Company Officials, Company Employees, Company Apprentices, Company Interns, Employee Candidates, Visitors, Company Customers, Potential Customers and Third Parties, byKACMAZLAR Otomotiv Ticaret ve Sanayi Ltd.Sti., by automatic or non-automatic means provided that they are part of any data recording system. It has been prepared for real persons, especially those whose personal data are processed, and this will be applied within the scope of the specified persons.

DEFINITIONS

Recipient  Group

It is the natural or legal person category to which personal data is transferred by the data controller.

Explicit Consent

Consent on a specific subject, based on information and expressed with free will.

Anonymization

It is making personal data not to be associated with a specific or identifiable natural person under any circumstances, even by matching with other data.

Employee

Personnel within KACMAZLAR Automotive Trade and Industry Ltd.Sti.

EBYS

Electronic Document Management System

Electronic Media

Environments where personal data can be created, read, changed, and written by electronic devices.

Non-Electronic Media

All written, printed, visual, etc., other than electronic media. are other environments.

Service Provider

Natural or legal person providing services within the framework of a specific contract with KACMAZLAR Automotive Trade and Industry Ltd.Sti.

Relevant Person

The natural or legal person whose personal data is processed.

Relevant User

They are the person or unit responsible for the technical storage, protection and backup of the data within the data controller organization or in line with the instructions received from the data controller.

Destruction

It is the deletion, destruction or anonymization of personal data.

Law

The Law on Protection of Personal Data No. 6698.

Registration Environment

It is a general in which the personal veins that are completely or partially automated or whose data recording system is the part of the recovery -to -work -in -non -non -residual way.

Personal Data

Any information relating to an identified or identifiable natural person.

Personal Data

Processing Inventory

Personal data processing activities that data controllers carry out depending on their business processes; It is the inventory that they create by associating the personal data processing purposes and legal reason, the data category, the transferred recipient group and the data subject group by explaining the maximum storage period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security.

Your Personal Data

Processing

Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or declaring personal data fully or partially automated or non-automatic, provided that it is a part of any data recording system. Any operation performed on the data, such as preventing its use.

Board

It is the Personal Data Protection Board.

Special Qualified

Personal Data

Data related to individuals’ race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, as well as biometric and genetic data are data.

Periodic Disposal

In case all of the personal data processing conditions in the law are no longer valid; It is the deletion, destruction or anonymization process that will be carried out at repetitive intervals as specified in the personal data retention and destruction policy.

Policy

It is the Personal Data Retention and Disposal Policy.

Company

KACMAZLAR Automotive Trade and Industry Ltd.Sti.

Registry

It is the Registry of Data Controllers maintained by the Presidency.

Data Processor

The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data-Registration System

It is a recording system in which personal data is structured and processed according to certain criteria.

Data Controller

It is the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Data Controllers

Registry Information System

An information system created and managed by the Presidency, accessible over the internet, to be used by the data controllers in the application to the Registry and other related transactions related to the Registry.

VERBIS

Data Controllers Registry Information System

Regulation

Regulation on the Deletion, Disposal or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017

PRINCIPLES

The general principles in Article 4 of the Law will be followed.

KACMAZLAR Automotive Trade and Industry Ltd.Sti. accepts that having prepared this Policy alone does not mean that personal data is deleted, destroyed or anonymized in accordance with the Regulation, Law and relevant legislation.

KACMAZLAR Automotive Trade and Industry Ltd.Sti. accepts that it will act in accordance with the security measures in Article 12 of the Law, the provisions of the relevant legislation, the decisions to be taken by the Personal Data Protection Board and the Policy when storing or deleting, destroying or anonymizing personal data, declares and undertakes.

KACMAZLAR Automotive Trade and Industry Ltd.Sti., depending on this Policy and the Policy, during the deletion, destruction or anonymization of the personal data that is processed by non-automatic means, provided that the purpose of the personal data is fully or partially automatic or is part of any recording system. undertakes to ensure compliance with the tools, programs and processes to be implemented.

Unless a contrary decision is taken by the Board, the appropriate method of deletion, destruction or anonymization of personal data ex officio is chosen by us. However, upon the request of the Relevant Person, the appropriate method will be chosen by explaining the reason.

In the event that all the conditions for processing personal data in Articles 5 and 6 of the Law are no longer valid, the personal data is deleted, destroyed or anonymized by the Company ex officio or upon the request of the person concerned. In case the Related Person applies to the Company in this regard;

- Requests forwarded are answered within 30 (thirty) days at the latest,

- In case the data subject to the request has been transferred to third parties, this situation is notified to the third party to whom the data is transferred and necessary actions are taken before the third parties.

RESPONSIBILITIES AND DUTIES

All employees and units of the company; It provides full and active support to the units responsible for obtaining, processing and storing personal data in accordance with the law. All employees and units support the responsible units in the implementation of the administrative and technical measurestaken within the scope of the policy, in the training of the unit employees, in raising, increasing and monitoring the awareness of the employees, in the prevention of unlawful access to personal data and in the preservation of personal data in accordance with the law.

REGISTRATION ENVIRONMENT

i. Electronic Media

Servers (Domain, backup, email, database, web, file sharing, etc.)

Software (office software, portal, EBYS, VERBIS.)

Information security devices (firewall, intrusion detection and prevention, log file, antivirus, etc.)

Personal computers (Desktop, laptop)

Mobile devices (phone, tablet, etc.)

Optical discs (CD, DVD, etc.)

Removable memories (USB, Memory Card etc.)

Printer, scanner, copier

ii. Non-Electronic Media

Paper,

Manual data recording systems (survey forms, visitor logbook)

Written, printed, visual media

LEGAL REASONS FOR KEEPING

KACMAZLAR Otomotiv Ticaret ve Sanayi Ltd.Sti. keeps the personal data it processes for the period stipulated in the relevant legislation and within the scope of the relevant legislation. The reasons for keeping it in this context are as follows:

Storing personal data as it is directly related to the establishment and performance of contracts,

Storing personal data for the purpose of establishing, exercising or protecting a right,

It is obligatory to keep personal data for the legitimate interests of the company, provided that it does not harm the fundamental rights and freedoms of individuals,

Storing personal data for the purpose of fulfilling any legal obligations of the company

Explicitly stipulating the storage of personal data in the legislation,

Explicit consent of data owners in terms of storage activities that require the explicit consent of data owners.

KACMAZLAR Automotive Trade and Industry Ltd.Sti. shows special sensitivity in the storage of special quality personal data, which is believed to be of more critical importance for data owners from various aspects. In this context, provided that adequate measures determined by the Board are taken, such data are not processed without the explicit consent of the data owners. However, special categories of personal data other than health and sexual life data can also be processed without the explicit consent of the data owner in cases stipulated by law. However, data related to health and sexual life can be processed without obtaining explicit consent, provided that adequate precautions are taken and in the presence of the following reasons:

Protection of public health,

Preventive medicine,

medical diagnosis,

Execution of treatment and care services,

Planning and management of health services and its financing.

PROCESSING OBJECTIVES THAT REQUIRE STORAGE

KACMAZLAR Automotive Trade and Industry Ltd.Sti. stores the personal data it processes within the framework of its activities for the following purposes.

Carrying out human resources processes,

To ensure the planning and execution of corporate communication activities,

Ensuring company security,

To be able to perform statistical studies,

To be able to perform work and transactions as a result of signed contracts and protocols,

To ensure the fulfillment of legal obligations as required or required by legal regulations,

To contact real / legal persons who have a business relationship with the company,

Making legal reports,

Creation of personnel files, payroll,

Employee contract process management,

Execution of insurance renewal processes,

Providing health services to employees,

Keeping blood group lists,

Allocating vehicles, telephones and lines to the employees within the scope of the performance of the employment contract,

Carrying out the processes of procuring power of attorney and signature circular,

Conducting conformity assessments within the scope of subcontracting,

Making emergency preparations and conducting operations,

Execution of occupational health and safety processes,

Accident and legislation management within the scope of occupational health and safety,

Establishing the processes of service procurement contracts,

Planning, auditing and execution of information security processes

Opening and authorizing e-mail accounts for employees,

Keeping internet log records,

Planning personnel travels and conducting advance processes,

Execution and follow-up of paperwork,

Making card and service records for personnel entries,

Continuity of budgeting processes,

Providing and managing personnel training,

Planning and execution of in-house training and orientation programs,

internal operations,

Activities with legal, technical and administrative consequences,

Strategy, planning and business partners/supplier management,

Planning and execution of in-company training programs,

Obligation of proof as evidence in legal disputes that may arise in the future.

LEGAL REASONS FOR DISPOSAL

In accordance with the Regulation, the personal data of the data owners in the cases listed below; It is deleted, destroyed or anonymized by KACMAZLAR Automotive Trade and Industry Ltd.Sti. ex officio or upon request:

In case it is necessary due to the amendment or repeal of the provisions of the relevant legislation, which is the basis for the processing or storage of personal data,

The disappearance of the purpose that requires the processing or storage of personal data,

Elimination of the conditions requiring the processing of personal data in Articles 5 and 6 of the Law,

In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject withdraws his consent,

The data controller accepts the application made by the data subject regarding the deletion, destruction or anonymization of his personal data within the framework of his rights in paragraphs 2 (e) and (f) of Article 11 of the Law,

In cases where the data controller rejects the application made by the data subject to the request for the deletion, destruction or anonymization of his personal data, his response is found to be insufficient or he does not respond within the time stipulated in the Law; Complaining to the Board and approval of this request by the Board,

The absence of any conditions justifying the retention of personal data for a longer period of time, although the maximum period for keeping personal data has passed.

STORAGE AND DISPOSAL PERIODS

The following criteria are used to determine the storage and destruction periods of your personal data obtained by KACMAZLAR Automotive Trade and Industry Ltd.Sti. in accordance with the provisions of the KVKK and other relevant legislation:

If a period of time is stipulated in the legislation regarding the storage of the personal data in question, this period shall be complied with. After the expiry of the aforementioned period, action is taken on the data within the scope of clause b.

In the event that the period stipulated in the legislation regarding the storage of the said personal data expires or if no period is stipulated in the relevant legislation regarding the storage of the said data, respectively;

a.Personal data is classified as personal data and sensitive personal data based on the definition in Article 6 of the KVKK. All personal data determined to be of a private nature will be destroyed. The method to be applied in the destruction of the said data is determined according to the nature of the data and the degree of importance of its storage to KACMAZLAR Automotive Trade and Industry Ltd.Sti.

b.Compliance of data storage with the principles specified in Article 4 of the KVKK, for example; It is questioned whether KACMAZLAR Automotive Trade and Industry Ltd.Sti. has a legitimate purpose in storing the data. Data that are detected to be kept in violation of the principles set forth in Article 4 of the KVKK are deleted, destroyed or anonymized.

c.It is determined which of the exceptions stipulated in Articles 5 and 6 of the KVKK that data storage can be evaluated within the scope of. Within the framework of the detected exceptions, reasonable periods for data storage are determined. In the event of the expiration of such periods, the data is deleted, destroyed or anonymized.

You can access the retention, destruction and periodic destruction periods determined by KACMAZLAR Automotive Trade and Industry Ltd.Sti. from the Company's "Personal Data Processing Inventory" of this Policy. Personal data, whose storage period has expired, is destroyed within the framework of the destruction periods in the annex of this Policy, in accordance with the procedures set forth in this Policy, every 6 months.

TECHNICAL AND ADMINISTRATIVE MEASURES

KACMAZLAR Automotive Trade and Industry Ltd.Sti., in accordance with Article 12 of the Law, takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the illegal processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, In this context, it makes or has the necessary inspections made.

Technical Measures

KACMAZLAR Automotive Trade and Industry Ltd.Sti., within the scope of technical measures;

Performs necessary internal controls within the scope of established systems.

It carries out information technology risk assessment and realization processes within the scope of established systems.

It ensures the provision of the technical infrastructure to prevent or monitor the leakage of data outside the company and the creation of relevant matrices.

Provides control of system vulnerabilities by receiving penetration test service regularly and when needed.

It ensures that the access to personal data of the employees in the information technology units is kept under control.

The destruction of personal data is ensured in a way that cannot be recycled and leaves no audit trail.

Pursuant to Article 12 of the Law, all kinds of digital media where personal data are stored are protected by encrypted or cryptographic (encryption) methods to meet information security requirements.

Administrative Measures

KACMAZLAR Automotive Trade and Industry Ltd.Sti., within the scope of administrative measures;

Restricts internal access to stored personal data to personnel required by job description. Whether the data is of a special nature or not and the degree of importance are also taken into account in limiting the access.

In case the processed personal data is obtained by others unlawfully, it notifies the person concerned and the Board as soon as possible.

Regarding the sharing of personal data, it signs a framework agreement on the protection of personal data and data security with the persons to whom personal data is shared, or provides data security with the provisions added to the existing agreement.

It employs knowledgeable and experienced personnel about the processing of personal data and provides its personnel with the necessary training within the scope of personal data protection legislation and data security.

It carries out and has the necessary inspections made in order to ensure the implementation of the provisions of the Law in its own legal entity. Eliminates privacy and security vulnerabilities that arise as a result of audits.

Before starting to process personal data, the company fulfills its obligation to inform the relevant persons.

Personal data processing inventory has been prepared.

PERSONAL DATA DISPOSAL TECHNIQUES

Your personal data processed for the purposes specified in this Personal Data Protection Policy; It will be deleted, destroyed and anonymized by us when the purpose that requires processing according to Article 7/1 of the Law No. 6698 disappears and the periods determined by the laws expire.

Deletion of Personal Data

Deletion of personal data processed in whole or in part by automatic means; It is the process of making the personal data in question inaccessible and unusable by the relevant users in any way. The data controller explains how the conditions specified in the third paragraph are provided for the personal data to be deemed deleted in the relevant policies and procedures.

Methods of Deletion of Personal Data

Personal Data on Servers

The system administrator removes the access authorization of the relevant users and deletes the personal data on the servers for those whose period of time has expired. While deleting data processed by fully or partially automated means and stored in digital media; Methods for deleting the data from the relevant software are used so that it cannot be accessed and reused in any way for the Relevant Users.

Deletion of relevant data in the cloud system by issuing a delete command; removing the access rights of the relevant user on the file or the directory where the file is located on the central server; deletion of related rows in databases with database commands; The deletion of data in flash media or portable media, using appropriate software, can be considered within this scope.

However, if the deletion of personal data will result in the inaccessibility of other data within the system and the inability to use this data, the personal data will also be deemed deleted if the personal data is archived in a way that cannot be associated with the data subject, provided that the following conditions are met.

− It is closed to the access of any other institution, organization or person,

− Taking all necessary technical and administrative measures to ensure that only authorized persons can access personal data.

Personal Data in Electronic Media

Among the personal data in the electronic environment, the ones whose period has expired are rendered inaccessible and non-reusable for other employees (related users) except the database administrator.

Personal Data in Physical Environment

Personal data kept in the physical environment is made inaccessible and non-reusable in any way for other employees, except for the unit manager responsible for the document archive, for those whose period of time has expired. In addition, the process of blackening is applied by drawing/painting/erasing in a way that cannot be read.

Personal Data in Portable Media

Of the personal data kept in flash-based storage media, the expired personal data is encrypted by the system administrator and the access authorization is given only to the system administrator, and are stored in secure environments with encryption keys.

Secure Erase by Expert

In some cases, it may hire an expert to delete personal data on its behalf. In this case, the personal data is securely deleted by the person who is an expert on this subject so that it cannot be accessed and reused in any way for the Relevant Users.

Destruction of Personal Data

Destruction of personal data in accordance with Article 9 of the Regulation; It is the process of making personal data inaccessible, irretrievable and reusable by anyone in any way. As the data controller, KACMAZLAR Automotive Trade and Industry Ltd.Sti. declares in this Policy that it has taken all necessary technical and administrative measures regarding the destruction of personal data.

Personal Data Destruction Methods

De-magnetizing

It is a method of corrupting the data on it in an unreadable way by passing the magnetic media through special devices where it will be exposed to high magnetic fields. It should be noted that if destruction with this method is not successful, only the physical destruction of the media will be able to complete the destruction.

Physical Destruction

Personal data can also be processed in non-automatic ways, provided that it is part of any data recording system. While such data is destroyed, a system of physical destruction of personal data is applied so that it cannot be used later. The destruction of data in paper and microfiche media should also be carried out in this way, as they cannot be destroyed in any other way.

Overwrite

The overwrite method is a data destruction method that makes it impossible to read and recover the old data by writing random data consisting of 0s and 1s at least seven times over magnetic media and rewritable optical media via special software.

Safely Delete from Software

Personal data kept in the cloud is irrecoverably deleted by digital command, and when the cloud computing service relationship ends, all copies of the encryption keys required to make the personal data usable are destroyed. Data deleted in this way cannot be accessed again.

Anonymization of Personal Data

Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data. In order for personal data to be anonymized; Personal data must be rendered unrelated to an identified or identifiable natural person, even by using appropriate techniques for the recording medium and the relevant field of activity, such as returning the personal data by the data controller or third parties and/or matching the data with other data.

Methods of Anonymization of Personal Data

Variable Subtraction

The existing data set is anonymized by removing the "high degree descriptive" variables from the variables in the data set created after the data collected through the extraction method of descriptive data. For example, in the table below, anonymization is achieved by removing highly descriptive data groups from the variables in the data set.

Removing Records

In the deregistration method, the stored data is anonymized by subtracting data rows that contain singularities among the data. For example, if there is only one senior manager in a company, the remaining data can be anonymized by removing the data belonging to this person from the records where the seniority, salary and gender data of the employees at the same level are kept.

Regional Hiding

In the regional hiding method, since a single data creates a very rarely visible combination, if it has a determining feature, hiding the relevant data provides anonymization. For example, if only one person among the relevant data controllers in the reserve list of the company's football team is 65 years old, in a dataset where the information about whether he or she can play football in terms of age, gender and health status is stored together, 'Age:65' is written as 'Unknown' or this part is left blank. will provide anonymization. Lower and Upper Bound Coding: With the lower and upper bound coding method, the values in a data group containing predefined categories are anonymized by determining a certain criterion and combining them.

Lower and Upper Bound Coding

With the lower and upper bound coding method, the values in a data group containing predefined categories are anonymized by determining a certain criterion and combining them.

Generalization

With the data aggregation method, many data are aggregated and personal data is rendered unrelated to any person. For example; revealing that there are as many as Z employees at the age of X without showing the age of the employees one by one.

Global Coding

With the data derivation method, a more general content is created than the content of the personal data and it is ensured that the personal data cannot be associated with any person. For example; indication of ages instead of dates of birth; specifying the area of residence instead of the full address.

Add Noise

The method of adding noise to the data is anonymized by adding some positive or negative deviations to the existing data at a determined rate, especially in a data set where numerical data are predominant. For example, in a data set with weight values (+/−) 3 kg deviation is used to prevent the actual values from being displayed and the data is anonymized. The deviation is applied equally to each value.

Micro Joining

In the micro-aggregation method, all data will first be grouped in a meaningful order (from large to small) and the value obtained by taking the average of the groups will be written instead of the relevant data in the current group, thereby providing anonymity. For example, for salary information; If two groups are made with a salary of less than or equal to 10,000 TL, the sum of the salaries of the people with a salary of 10,000 or less is divided by the number of people, and this value obtained is written in the salary set of everyone with a salary of less than 10,000 TL.

Data Exchange

In the data exchange method, the values of a variable are exchanged between the pairs selected from the stored data. In this method, which is used for data that can be categorized in general, the aim is to transform the database by interchanging the data of the data owners.

Pursuant to Article 28 of the KVKK, if personal data is processed for purposes such as research, planning and statistics by anonymizing with official statistics, this situation will be outside the scope of the Law and express consent will not be required.

PERSONAL DATA STORAGE AND DISPOSAL TIMES

The storage and destruction periods of your personal data obtained by KACMAZLAR Automotive Trade and Industry Ltd.Sti. in accordance with the provisions of the KVKK and other relevant legislation are given in the table below.

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Planning and Execution of Corporate Communication Activities

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 30 days following the destruction application of the data owner

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         General Assembly Transactions

STORAGE PERIOD :  10 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Customer's name - surname, T.C. Identity Number, product service preferences, transaction history, contact information

STORAGE PERIOD :  15 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                          Answering court/executive information requests regarding personnel, Criminal convictions and security measures

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Preparation of contracts

STORAGE PERIOD :  10 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Recruitment Following the termination of the employment relationship

STORAGE PERIOD :  10 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Payrolling

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Occupational Health and Safety Practices

STORAGE PERIOD :  15 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Log / Record / Tracking Systems

STORAGE PERIOD :  1 year

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Master Data Creation Processes

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Information about company partners and board members

STORAGE PERIOD :  10 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Company credit card allocation

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Payment transactions

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Personnel financing processes

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Part of the contract process and contract retention

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Document preparation

STORAGE PERIOD :  10 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Filing of training records

STORAGE PERIOD :  10 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Emergency preparations

STORAGE PERIOD :  1 year

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Camera Recordings

STORAGE PERIOD :  2 months

DISPOSAL PERIOD : After the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Employee health information

STORAGE PERIOD :  10 years

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Information about the website visitor

STORAGE PERIOD :  1 year

DISPOSAL PERIOD : After the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PERIOD :                         Data kept within the scope of Social Security Institution legislation

STORAGE PERIOD :  10 years after the termination of the employment relationship

DISPOSAL PERIOD : Within 180 days after the end of the storage period

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

PERIODIC DISPOSAL TIME

Physical and digital data, which have completed the legal storage and destruction periods, are periodically destroyed.  KACMAZLAR Automotive Trade and Industry Ltd.Sti. deletes, destroys or anonymizes personal data in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises. Periodic destruction is carried out at 6-month intervals for all personal data.

UPDATES, ADAPTATION AND CHANGES

KACMAZLAR Automotive Trade and Industry Ltd.Sti. reserves the right to make changes in this Policy and other related and related policies in line with the changes made in the Law, in accordance with the decisions of the KVK Board or in line with the developments in the sector or in the field of informatics.

Changes made in this Policy are immediately processed in the text and explanations regarding the changes are explained at the end of the Policy.

EFFECT AND REVOCATION OF THE POLICY

The policy is deemed to have entered into force after its publication on the website of KACMAZLAR Automotive Trade and Industry Ltd.Sti.  (www.kacmazlar.com). If it is decided to cancel it, old copies of the policy with wet signatures are canceled and signed (with an annulment stamp or written cancellation) and kept by the company for at least 5 years.