Retention and Destruction Policy
Contents
1. Introduction
1.1. Purpose
1.2. Scope
2. Definitions
3. Persons Involved in the Storage and Destruction Processes of Personal Data
4. Recording Media
5. Explanations on Storage and Disposal
5.1. Processing Purposes Requiring Storage
5.2. Reasons Requiring Destruction
6. Technical and Administrative Measures
6.1. Technical and Administrative Measures Taken for the Safe Storage of Personal Data and to Prevent Unlawful Processing and Access
6.1.1. Technical Precautions
6.1.2. Administrative Measures
6.2. Techniques and Methods Used for the Lawful Destruction of Personal Data
6.2.1. Deletion of Personal Data
6.2.2. Destruction of Personal Data
6.2.3. Anonymization of Personal Data
7. Storage and Disposal Periods
8. Periodic Destruction Period
9. Update of the Policy
10. Effective Date of the Policy
Personal Data Storage and Destruction Policy
1.1. Aim
This personal data storage and destruction policy ("Policy") establishes the procedures for
storing and destroying personal data processed by AGADIGITAL ELEKTRONİK
MAĞAZACILIK VE TİCARET ANONİM ŞİRKETİ ("Our Company") under the Personal Data Protection Law No. 6698 ("KVKK") and related legislation. It defines the principles guiding
our data management practices. This policy is published on our Company’s website
at www.agakulche.com.
1.2. Scope
This Policy applies to the storage and destruction of personal data collected from the
Company’s employees, prospective employees, interns, visitors, customers, and other
natural persons whose personal data is processed.
2. Definitions
- Recipient group: The category of individuals or organizations to whom personal data
is transferred by the data controller.
- Relevant user: Individuals who process personal data within the organization or per
the data controller’s authorization, excluding those responsible for technical storage,
protection, and backup of the data.
- Destruction: Deletion, destruction, or anonymization of personal data.
- Law: Personal Data Protection Law No. 6698, dated 24/3/2016.
- Recording medium: Any environment where personal data is processed, whether
fully or partially automatic or non-automatic, as part of a data recording system.
- Personal data storage and destruction policy: The policy that guides the deletion,
destruction, and anonymization of personal data, including the maximum retention
period required for the intended purpose.
- Board: Personal Data Protection Board.
- Periodic Destruction: The recurring process of deleting, destroying, or anonymizing
personal data, as specified in the personal data storage and destruction policy, when
the processing conditions stated in the law no longer apply.
- Data recording system: The system where personal data is structured and
processed based on certain criteria.
- Data controller: The natural or legal person responsible for determining the
purposes and means of personal data processing, and for establishing and managing
the data recording system.
- Regulation: Refers to the Regulation on Deletion, Destruction, or Anonymization of
Personal Data.
3. Persons Involved in the Storage and Destruction Processes of Personal Data
The units listed below are assigned to process, store, and destroy personal data per the law
and implement technical and administrative measures within the scope of this Policy.
Unit | Title | Responsibilities |
IT | IT Manager | Ensures compliance with data retention and destruction periods and manages the technical aspects of the Policy. |
Human Resources | Human Resources Manager | Responsible for following data storage and destruction schedules, and executing the Policy accordingly. |
Financial Affairs | Accounting Manager | Ensures data storage and destruction compliance within the department’s scope and implements the Policy accordingly. |
Data Controller Rep. | | Oversees responsible units to ensure proper Policy implementation and manages data processing and registry matters. |
Contact Person | | Adheres to data retention and destruction periods, facilitates communication, and maintains contact with data owners. |
4. Recording Environments
Personal data is collected and stored by our Company both electronically (e.g., desktops,
laptops, mobile devices, CDs, DVDs, USB drives, printers, scanners, emails, web, office
software) and physically (e.g., paper documents, surveys, guest books), ensuring
compliance with this Policy.