Contents…………………………………………………………………………………….1
1.Introduction………………………………………………………………………………………2
1.1. Purpose…………………………………………………………………………………..…2
1.2.Scope………………………………………………………………………………..2
2.Definitions……………………………………………………………………………………2
3. Persons Involved in the Storage and Destruction Processes of Personal Data……………...2
4.Recording Media……………………………………………………………………………3
5. Explanations on Storage and Disposal………………………………………………3
5.1. Processing Purposes Requiring Storage……………………………………………….4
5.2.Reasons Requiring Destruction………………………………………………………..4
6.Technical and Administrative Measures………………………………………………………………4
6.1. Safe Storage of Personal Data and Against the Law
Technical and Administrative Measures Taken to Prevent Processing and Accessing
6.1.1.Technical Precautions……………………………………………………………………...4
6.1.2.Administrative Measures………………………………………………………………………...5
6.2. Techniques and Methods Used for the Lawful Destruction of Personal Data
Administrative Measures………………………………………………………………………………..5
6.2.1. Deletion of Personal Data………………………………………………………..5
6.2.2.Destruction of Personal Data………………………………………………………...6
6.2.3.Anonymization of Personal Data………………………………………..6
7.Storage and Disposal Periods……………………………………………………………….6
8.Periodic Destruction Period………………………………………………………………...8
9.Update of the Policy………………………………………………………………..8
10.Effective Date of the Policy…………………………………………………………….8
1.1. Aim
This personal data storage and destruction policy ("Policy") establishes the procedures for storing and destroying personal data processed by AGADIGITAL ELEKTRONİK MAĞAZACILIK VE TİCARET ANONİM ŞİRKETİ ("Our Company") under the Personal Data Protection Law No. 6698 ("KVKK") and related legislation. It defines the principles guiding our data management practices. This policy is published on our Company’s website at www.agakulche.com.
1.2. Scope
This Policy applies to the storage and destruction of personal data collected from the Company’s employees, prospective employees, interns, visitors, customers, and other natural persons whose personal data is processed.
2. Definitions
3. Persons Involved in the Storage and Destruction Processes of Personal Data
The units listed below are assigned to process, store, and destroy personal data per the law and implement technical and administrative measures within the scope of this Policy.
Unit |
Title |
Responsibilities |
IT |
IT Manager |
Ensures compliance with data retention and destruction periods and manages the technical aspects of the Policy. |
Human Resources |
Human Resources Manager |
Responsible for following data storage and destruction schedules, and executing the Policy accordingly. |
Financial Affairs |
Accounting Manager |
Ensures data storage and destruction compliance within the department’s scope and implements the Policy accordingly. |
Data Controller Rep. |
Oversees responsible units to ensure proper Policy implementation and manages data processing and registry matters. |
|
Contact Person |
Adheres to data retention and destruction periods, facilitates communication, and maintains contact with data owners. |
4. Recording Environments
Personal data is collected and stored by our Company both electronically (e.g., desktops, laptops, mobile devices, CDs, DVDs, USB drives, printers, scanners, emails, web, office software) and physically (e.g., paper documents, surveys, guest books), ensuring compliance with this Policy.