STORAGE AND DESTRUCTION OF PERSONAL DATA POLICY

TEKPAN TEKNİK ELK KUMANDA PANO SAN. VE TURİZM TİC. A.Ş.

STORAGE AND DESTRUCTION OF PERSONAL DATA POLICY

SECTION 1: NATURE AND PURPOSE OF THE STORAGE AND DESTRUCTION POLICY

1.1. INTRODUCTION

This “Storage And Destruction Of Personal Data Policy” Is Issued In Order To Identify The Methods And Principles Concerning The Storage And Destruction Operations Carried Out By Tekpan Teknik Elk. Kumanda Pano San. Ve Tur. Tic. A.Ş. (TEKPAN).

TEKPAN Has Established As Its Priority To Process Any Personal Data Of The Company’s Employees, Customers, Suppliers, Service Providers, Visitors And Other Third Parties Whose Personal Data The Company Possesses For Any Reason Whatsoever In Accordance With The Constitution Of The Republic Of Turkey, International Conventions, Protection Of Personal Data Act No. 6698 (Act) And Other Relevant Regulations And To Enable Any Relevant People To Exercise Their Rights In An Effective Manner.

Any Works And Transactions Concerning The Storage And Destruction Of Personal Data Are Carried Out In Accordance With The Policy Issued To This Effect By TEKPAN.   

 

1.2. SCOPE

Personal Data Of TEKPAN Employees, Candidate Employees, Customers, Suppliers, Service Providers, Visitors And Other Third Parties Are Covered By This Policy And This Policy Is Applicable To Any And All Recording Media By Which Personal Data As Owned Or Managed By TEKPAN As Well As In Any Activities For The Processing Of Personal Data.

1.3 ABREVIATIONS AND DEFINITIONS

Direct Identifiers                    : Means Those Identifiers That Alone Reveal, Disclose And Make Distinctive The Person With Whom They Are Associated In A Direct Manner;

Indirect Identifiers                  : Means Those Identifiers That Come Together With Other Identifiers And Reveal, Disclose And Make Distinctive The Person With Whom They Are Associated In An Indirect Manner;

Relevant Person                     : Means The Natural Person Whose Personal Data Are Processed;

Destruction                             : Means The Deletion, Destruction Or Anonymization Of Personal Data;

Act                                          : Means The Protection Of Personal Data Act No. 6698 Published In The Official Journal No. 29677 Dated 07.04.2016;

Regulation                              : Means The Regulation Concerning The Deletion, Destruction Or Anonymization Of Personal Data Published In The Official Journal No. 30224 Dated 28.10.2017;

Committee                              : Means The Protection Of Personal Data Committee;

Recording Media                    : Means Any And All Media In Which Any Personal Data Processed In A Completely Or Partly Automatic Way Or, Provided That It Is Part Of A Data Recording System, In Non-automatic Ways;

Processing And Protection

of Personal Data Policy        : Means The Policy Which May Be Accessed At “www.tekpan.com.tr” and Which Identifies The Methods And Principles Concerning The Management Of The Personal Data As Possessed By TEKPAN;

Data Recording System         : Means The Recording System By Which Personal Data Are Structured And Processed By Particular Criteria;

Recipient Group                     : Means The Category Of Natural Person Or Legal Entity To Whom Personal Data Are Transmitted By The Data Controller;

Explicit Consent                     : Means The Consent Concerning A Particular Matter, Based On Information And Disclosed By Free Will;

Anonymization                       : Means Making Personal Data Not By Any Means Associable With Any Identified Or Identifiable Natural Person Even By Matching Them With Any Other Data; 

Employee                                : Means TEKPAN Personnel;

Electronic Media                    : Means Any Media On Which Personal Data May Be Created, Read, Modified And Written By Electronic Devices;

Non-Electronic Media            : Means Any And All Written, Printed, Visual, Etc. Media Other Than Electronic Ones;

Service Provider                     : Means Any Natural Person Or Legal Entity Providing TEKPAN With Services Under A Particular Contract;

Relevant User                        : Means Any People Who Process Personal Data Within The Organisation Of The Data Controller Or In Accordance With The Power And Instructions Which He Has Received From The Data Controller, Except The Person Or Unit Responsible For The Technical Storage, Protection And Backup Of Data;

Personal Data                         : Means Any And All Information Concerning Any Identified Ort Identifiable Natural Person;

Personal Data Processing Inventory : Means The Inventory In Which Data Controllers Describe And Detail Their Personal Data Processing Activities Which They Are Accomplishing On The Basis Of Business Processes, Their Data Processing Purposes, Maximum Period Of Time Which They Have Created By Associating Them With The Data Category, Recipient Group To Which Personal Data Are Transmitted And Group Of Persons Subject To Data And Which Are Required For The Purposes For Which Personal Data Are Processed, Persona Data Anticipated To Be Transmitted To Foreign Countries And The Measures Taken For Data Security;

Processing Of Personal Data   : Means Any And All Procedures Carried Out On Data Such As Obtaining, Recording, Storing, Saving, Modifying, Re-arranging, Disclosing, Transmitting, Taking Over, Making Available, Categorising Or Preventing The Use Of Personal Data Via Completely Or Partly Automatic Or, Provided That It Is Part Of Any Data Recording System, Non-automatic Ways;

Personal Data Of Special Nature : Means Any Data Concerning The Race, Ethnic Origin, Political Opinion, Philosophical Belief, Religion, Creed Or Other Faiths, Raiment, Membership To Associations, Foundations And Labour Unions, Health, Sexual Life Criminal Conviction And Security Measures Of People As Well As Their Biometric And Genetic Data;

Periodical Destruction            : Means The Process Of Deletion, Destruction Or Anonymization Identified In The Storage And Protection Of Personal Data Policy And To Be Carried Out Ex Officio At Recurring Intervals In Case All Of The Processing Conditions Of Personal Data As Contained In The Act Have Ceased To Exist;

Data Processor                       : Means Any Natural Person Or Legal Entity That Processes Personal Data On Behalf Of The Data Controller On The Basis Of The Power Vested Upon Him By The Data Controller;

Data Controller                       : Means Any Natural Person Or Legal Entity That Identifies The Processing Purposes And Means Of Personal Data And Is Responsible For The Setup And Management Of Personal Data;

Data Controllers’ Registry

Information System               : Means The Information System To Be Used By Data Controllers In Filing An Application With The Registry And In Any Other Registry-related Processes, Which Can Be Accessed Online And Which Is Created And Managed By The Presidency; 

VERBİS                                 : Means The Data Controllers’ Registry Information System.

 

SECTION 2: MEDIA AND SECURITY MEASURES

2.1. MEDIA IN WHICH PERSONAL DATA ARE STORED

Personal Data Stored At TEKPAN Are Kept In Recording Media Complying With The Nature Of The Relevant Data And Our Legal Obligations.

Recording Media Used To Store Personal Data Are The Ones As Listed Below In General Terms. However, Some Data May Be Kept In Media Different From Those Specified Here Due To The Special Specifications They Possess Or Due To Our Legal Obligations. At All Events, TEKPAN Acts In Its Capacity As The Data Controller And Processes And Protects Personal Data In Accordance With Protection Of Personal Data Act, Processing And Protection Of Personal Data Policy And This Storage And Destruction Of Personal Data Policy.

Electronic Media:

  • Servers (domain, Backup, E-mail Database, Web, File Sharing, Etc.)
  • Software (Office Software, Portal, VERBİS)
  • Information Security Devices (security Wall, Intrusion Detection And Prevention System, Daily Record File, Antivirus, Etc.)
  • Personal Computers (desktop, Laptop)
  • Mobile Devices (Telephone, Tablet, Etc.)
  • Optical Disks (CD, DVD, Etc.)
  • Removable Memory Devices (USB, Memory Card, Etc.)
  • Printer, Scanner, Photocopier

Non-Electronic Media:

  • Paper
  • Manual Data Recording Systems (inquiry Forms, Visitor Book, Etc.)
  • Written, Printed, Visual Media.

 

 2.2. PROVISION OF THE SECURITY OF MEDIA

TEKPAN Takes Any And All Necessary Technical And Administrative Measures In Compliance With The Relevant Personal Data And The Media In Which They Are Stored In Order To Store Personal Data In A Secure Manner And Prevent The Same From Being Illegally Processed And Accessed.

Such Measures Cover, Without Limitation, The Following Technical And Administrative Measures To The Extent That They Befit The Nature Of The Relevant Personal Data And The Media In Which It Is Stored.

2.2.1. Technical Measures

Technical Measures Taken By TEKPAN For The Personal Data Which It Processes Are Itemised Below:

  • Only Current And Secure Systems Complying With Technological Developments Are Used In The Media In Which Personal Data Are Stored.
  • Security Systems Intended For The Media In Which Personal Data Are Stored Are Used.
  • Security Tests And Research Are Carried Out To Identify Any Weaknesses On The Information Systems And Any Existing Or Potential Risk-posing Issues Identified As A Result Of Such Tests And Research Are Eliminated.
  • Access To Data Is Restricted In The Media In Which Personal Data Are Stored, Such Data Are Allowed To Be Accessed Only By Authorised People, Limited To The Purpose Of Storing The Data And All Accesses Are Recorded.
  • TEKPAN Maintains An Adequate Number Of Technical Staff Members In Order To Provide The Security Of The Media In Which Personal Data Are Stored.

2.2.2. Administrative Measures

TEKPAN Takes The Following Administrative Measures In Accordance With The Specifications Of The Relevant Data And Of The Media In Which Such Data Are Stored In All Media In Which Personal Data Are Stored:

  • Works Are Performed In Order To Enhance The Awareness Of And Make Conscious All TEKPAN Employees Who Have Access To Personal Data On Information Security, Personal Data And Privacy Of Life.
  • Legal And Technical Consultancy Services Are Purchased In Order To Follow Up Any Developments In Information Security, Privacy Of Life And Protection Of Personal Data And To Take Any Necessary Actions.
  • In The Event That Personal Data Are Transmitted To Any Third Parties Due To Technical Or Legal Obligations, Protocol Are Signed With Any Relevant Third Parties For The Protection Of Personal Data And Any Necessary Care Is Taken So That Such Third Parties Will Comply With Their Obligations In Such Protocols.

2.2.3. In-Company Inspection

TEKPAN Carries Out In-company Inspections Concerning The Application Of The Provisions Of The Act And Those Of This Storage And Destruction Of Personal Data Policy And The Processing And Protection Of Personal Data Policy As Per The Article 12 Of The Act.

In Case Any Deficiencies Or Defects Are Identified In The Application Of Such Provisions As A Result Of The In-company Inspections, Such Deficiencies And Defects Are Immediately Remedied.

In The Event That Any Personal Data That Are Under The Responsibility Of TEKPAN Is Found Out To Have Been Illegally Acquired By Any Other Parties During Such Inspection Or In Any Other Way, Then TEKPAN Notifies The Relevant Person And The Committee Of This Fact As Soon As Possible.

 

SECTION 3: DESTRUCTION OF PERSONAL DATA

3.1. REASONS FOR STORAGE AND DESTRUCTION

3.1.1. Reasons For Storage

The Concept “processing Of Personal Data” Is Defined In The Article 3 Of The Act; It Is Stated In The Article 4 Of The Act That Personal Data So Processed Should Be connected With, Limited And Calibrated To The Purpose For Which They Are Processed And Stored For Any Period Of Time As Prescribed In The Relevant Regulations Or Required For The Purpose For Which They Are Processed; And conditions For The Processing Of Personal Data are Listed In The Article 5 And 6 Thereof.

Accordingly, Personal Data Are stored For The Period Of Time As Prescribed In The Relevant Regulations Or Complying With Our Purposes Of Processing within The Framework Of TEKPAN’s Operations.

Personal Data Maintained In The Possession Of TEKPAN Are Stored For The Purposes And Reasons As Specified Herein As Per The Act And Our Personal Data Policy (you Cam Access To The Relevant Policy At “www.tekpan.com.tr”).

3.1.2. Reasons For Destruction

Personal Data Are Deleted Or Destroyed By TEKPAN Upon The Relevant Person’s Request Or Deleted Or Destroyed Ex Officio And Anonymized In The Event That

  • the Provisions Of The Relevant Regulations On Which The Processing Thereof Is Based Are Amended Or Abolished;
  • the Purpose Requiring The Processing Or Storage Thereof Ceases To Exist;
  • in Cases Where The Processing Of Personal Data Is Only Carried Out On The Basis Of Explicit Consent, The Relevant Person Withdraws His Consent;
  • the Application Filed For The Deletion Or Destruction Of His Personal Data By The Relevant Person Within The Framework Of The Rights Of The Relevant Person As Per The Article 11 Of The Act Is Accepted;
  • in Cases Where TEKPAN Denies Any Application Filed With It By The Relevant Person Claiming The Deletion, Destruction Or Anonymization Of His Personal Data, Where It Deems The Reply Given To Be Insufficient Or Where It Fails To Reply Within The Period Of Time As Prescribed By The Act, The Relevant Person Files A Complaint With The Committee And Such Request Is Considered Proper By The Committee;
  • the Maximum Period Requiring The Storage Of Personal Data Has Expired And There Is No Condition Which Will Justify The Storage Of Personal Data For Any Longer Period Of Time.  

3.2. DESTRUCTION METHODS

At The Expiry Of The Period As Prescribed By The Relevant Regulations Or Of The Storage Period Required For The Purpose For Which They Are Processed, Personal Data Are Destroyed By The Following Techniques In Accordance With The Provisions Of The Relevant Regulations By TEKPAN Either Ex Officio Or Upon The Relevant Person’s Request.

3.2.1.1 Deletion Methods

Personal Data Contained In Servers              : Of Those Personal Data Contained In Servers, Those Of Which Period Requiring The Storage Thereof Has Expired Are Deleted By Removing The Power Of Access Of Any Relevant Users By The System Administrator.

Personal Data Contained In Electronic

Media                                                              : Of Those Personal Data Contained In Electronic Media, Those Of Which Period Requiring The Storage Thereof Has Expired Are Made Inaccessible And Non-reusable For Any Employees (relevant Users)  except The Database Administrator.

Personal Data Contained In Physical  

Media                                                              : Of Those Personal Data Contained In Physical Media, Those Of Which Period Requiring The Storage Thereof Has Expired Are Made Inaccessible And Non-reusable For Any Employees Except The Unit Manager Responsible For Document Archive. Further, Blackout Process Is Applied By Striking Out/painting/erasing In An Illegible Manner.

Personal Data Contained In Portable

Media                                                              : Of Those Personal Data Contained In Flash-based Storage Media, Those Of Which Period Requiring The Storage Thereof Has Expired Are Encrypted By The System Administrator, And Power Of Access Is Only Granted To The System Administrator And They Are Stored In Secure Media With Encryption Keys.

3.2.1.2 Destruction Method

Personal Data Contained In 

Physical Media                                  : Of Those Personal Data Contained In Hardcopies, Those Of Which Period Requiring The Storage Thereof Has Expired Are Irretrievably Destroyed In Paper Shredders.

Personal Data Contained In

Optical/Magnetic Media                    : Of Those Personal Data Contained In Optical Or Magnetic Media, Those Of Which Period Requiring The Storage Thereof Has Expired Are Physically Destroyed By Melting, Incinerating Or Pulverising. Further, Magnetic Media Are Passed Through A Special Device And Exposed To A High Degree Of Magnetic Field, Thus Making Any Data Thereon Illegible.

3.2.1.3. Anonymization Methods

Anonymization Of Personal Data Means To Make Non-associable With Any Identified Or Identifiable Natural Person In Any Manner Whatsoever Even If They Are Matched With Other Data.

In Order To Anonymize Personal Data, They Are Made Non-associable With Any Identified Or Identifiable Natural Person Even By Using Such Technical Suitable For Recording Media And Related Area Of Activity As Being Recovered By The Data Controller Or Any Third Parties And/or By Matching Personal Data With Other Data. 

3.3. STORAGE AND DESTRUCTION PERIODS

3.3.1. Storage Periods

DATA OWNER

DATA CATEGORY

DATA STORAGE PERIOD

Employee

Recruitment Documentation And Personal Data Submitted To The Social Security Organisation On Which Statements Related To Service Period And Wage Are Based

To Be Stored During The Validity Of The Employment Contract And For A Period Of 10 (ten) Years Upon Its Termination.

Employee

Recruitment Documentation And Personal Data Other Than Personal Data Submitted To The Social Security Organisation On Which Statements Related To Service Period And Wage Are Based

To Be Stored During The Validity Of The Employment Contract And For A Period Of 10 (ten) Years Upon Its Termination.

Employee

Data Contained In The Workplace Personal Medical File

To Be Stored During The Validity Of The Employment Contract And For A Period Of 15 (fifteen) Years Upon Its Termination.

Business Partner/Solution Partner /Consultant

Identity Information, Contact Details, Financial Data Related To The Business Relationship Between Business Partner/Solution Partner/Consultant And TEKPAN, Data Of The Employees  of Business Partner/Solution Partner/ Consultant

To Be Stored During The Business/commercial Relationship Between The Business Partner/Solution Partner/Consultant And TEKPAN And For A Period Of 10 (ten) Years Following The Termination Thereof As Per The Article 146 Of The Turkish Code Of Obligations And The Article 82 Of The Turkish Commercial Code.

Visitor

First Name, Last Name, Turkish Personal Identity Number, Traffic Plate Number And Camera Records Taken At Entry To The Physical Location As Owned By TEKPAN

To Be Stored For A Period Of 2 (two) Years.

Website Visitor

First Name, Last Name, E-mail Address, Browsing Activities Of Website Visitors

To Be Stored For A Period Of 2 (two) Years.

Candidate Employee

Information As Contained In The CV And Employment Application Form Of The Candidate Employee

To Be Stored For A Period At The Expiry Of Which The Curriculum Vitae Will Cease To Be Current But Not To Be More Than 2 (two) Years.

Trainee (Student)

Information As Contained In The Training File Of A Trainee

To Be Stored During The Training Relationship And For A Period Of 10 (ten) Years Following The Expiry Thereof Starting From The Beginning Of The Forthcoming Calendar Year.

Customer

First Name, Last Name, Turkish Personal Identity Number, Contact Details, Payment Information And Methods, Browsing Activities, , Product/service Preferences, Transaction Background, Special Day Details Of The Customer

To Be Stored For A Period Of 10 (ten) Years As From The Launch Of Such Product/service As Purchased By The Customer As Per The Article 146 Of The Turkish Code Of Obligations And The Article 82 Of The Turkish Commercial Code.

Customer

Camera Images, Traffic Plate Number

 To Be Stored For A Period Of 2 (two) Years.

Potential Customer

Identity Information, Contact Details, Financial Information Taken During The Talks For Contracts Between The Potential Customer And TEKPAN,

To Be Stored For A Period Of 2 (two) Years.

Corporations/Companies With Which TEKPAN Is In Cooperation (Supplier, Toll Manufacturer, Dealer/ Franchise)

Identity Information, Contact Details, Financial Information Concerning The Implementation Of The Commercial Relationship Between The Corporations/Companies With Which TEKPAN Is In Cooperation And TEKPAN, , Data Of The Employees Of The Corporations/Companies With Which TEKPAN Is In Cooperation

To Be Stored During The Business/ Commercial Relationship Between The Corporations/Companies With Which TEKPAN Is In Cooperation And TEKPAN And For A Period Of 10 (ten) Years Following The Termination Thereof As Per The Article 146 Of The Turkish Code Of Obligations And The Article 82 Of The Turkish Commercial Code.

* In The Event That A Longer Period Has Been Fixed As Per The Regulations Or If A Longer Period Has Been Prescribed For Prescription Period, Foreclosure Period, Storage Period, Etc. As Per The Regulations, Periods As Prescribed In The Regulatory Provisions Are Considered To Be Maximum Storage Periods.

3.3.2.   Destruction Periods

TEKPAN Deletes, Destroys Or Anonymizes Personal Data In The Very First Periodical Destruction Process Following The Date When Its Obligation Of Deleting, Destroying Or Anonymizing Personal Data For Which It Is Responsible As Per The Act, Relevant Regulations, Processing And Protection Of Personal Data Policy And This Storage And Destruction Of Personal Data Policy Has Occurred.

When The Relevant Person Files An Application With TEKPAN Basing Upon The Article 13 Of The Act And Requests The Personal Data Belonging To Him To Be Deleted Or Destroyed,

  1. if All Of The Conditions For Processing Personal Data Have Ceased To Exist, Then TEKPAN Deletes, Destroys Or Anonymizes Any Personal Data By Any Proper Destruction Method By Disclosing The Reasons Thereof Not Later Than 30 (thirty) Days Following The Date When It Receives Such Request. In Order For TEKPAN To Be Deemed To Have Received The Request, The Relevant Person Should Have Filed His Request Pursuant To The Processing And Protection Of Personal Data Policy. At All Events, TEKPAN Provides The Relevant Person With Information About The Procedure Carried Out.
  1. In The Event That All Of The Conditions For Processing Personal Data Have Not Ceased To Exist, Then Such Request May Be Denied By TEKPAN By Disclosing The Reason Thereof As Per The Third Paragraph Of The Article 13 Of The Act And The Relevant Person Is Notified Of The Denial Reply In Writing Or Electronically Not Later Than Thirty Days.

3.4. PERIODICAL DESTRUCTION

In The Event That All Of The Processing Conditions Of Personal Data As Contained In The Act Have Ceased To Exist, Then TEKPAN Deletes, Destroys Or Anonymize Those Personal Data Of Which Processing Conditions Have Ceased To Exist By A Process Specified In This Storage And Destruction Of Personal Data Policy And To Be Carried Out Ex Officio At Recurring Intervals.

Term For Periodical Destruction Has Been Fixed As 6 (six) Months.

3.5. INSPECTION OF LEGALITY OF THE DESTRUCTION PROCESS

TEKPAN Carries Out Any Destruction Operations Which It Accomplishes Both Upon Request And In Its Own Initiative During The Periodical Destruction Operations Pursuant To The Act, Other Regulations, Processing And Protection Of Personal Data Policy And This Storage And Destruction Of Personal Data Policy.

TEKPAN Takes Some Administrative And Technical Measures In Order To Make Sure That Destruction Operations Are Carried Out In Accordance With Such Regulations.

3.5.1. Technical Measures

  • TEKPAN Maintains Technical Devices And Equipment Suitable For Each Destruction Method Contained In This Policy.
  • TEKPAN Provides The Security Of The Place Where Destruction Operations Take Place.
  • TEKPAN Keeps Access Records Of The People Carrying Out Destruction Operation.
  • TEKPAN Either Employs Competent And Experienced Personnel Who Will Carry Out The Destruction Operation Or Purchases Services From Any Competent Third Parties When Necessary.

3.5.2. Administrative Measures

  • TEKPAN Performs Works In Order To Enhance The Awareness Of Its Employees Who Will Carry Out The Destruction Operation And Make Them Conscious About Information Security, Personal Data And Privacy Of Life.
  • TEKPAN Purchases Legal And Technical Consultancy Services In Order To Follow Up Any Developments In Information Security, Privacy Of Life, Protection Of Personal Data And Safe Destruction Techniques And Take Any Necessary Actions.
  • In Cases Where TEKPAN Causes Any Third Parties To Carry Out The Destruction Operation Due To Technical Or Legal Requirements, It Signs Protocols With Such Third Parties In Order To Protect The Personal Data And Takes All Necessary Care So That Any Relevant Third Party Will Comply With Their Obligations In Such Protocols.
  • TEKPAN Regularly Inspects Whether Or Not The Destruction Operations Are Carried Out Pursuant To Law And The Conditions And Obligations As Stipulated In The Storage And Destruction Of Personal Data Policy And Takes Any Necessary Actions.
  • TEKPAN Records Any And All Operations Carried Out In Connection With The Deletion, Destruction And Anonymization Of Personal Data And Maintains Such Records For A Minimum Period Of Three Years, Excluding Its Other Legal Obligations.

SECTION 4: PERSONAL DATA COMMITTEE

TEKPAN Establishes A Personal Data Committee Within Its Organisation. The Personal Data Committee Is Authorised And Assigned To Carry Out/cause To Carry Out Any Operations Necessary For The Storage And Processing Personal Data Of Relevant People Pursuant To Law, The Processing And Protection Of Personal Data  Policy And The Storage And Destruction Of Personal Data Policy And To Control The Processes.

The Personal Data Committee Is Composed Of Three People Including A Manager, An Administrative Specialist And A Technical Specialist. Positions And Job Descriptions Of The TEKPAN Personnel Assigned In The Personal Data Committee Are Given Below:

Personal Data Committee Manager   : Is Obliged To Direct The Works For Planning, Analysis, Research, Risk Identification In Any Projects Implemented In The Process Of Compliance With Law; To Manage The Processes Required To Implement As Per The Act, Processing And Protection Of Personal Data Policy And Storage And Destruction Of Personal Data Policy And To Decide Upon The Requests From Relevant People.

PDP Specialist (Technical And Administrative)                                 : Is Responsible For Reviewing The Requests From Relevant People And Reporting The Same To The Manager Of The Personal Data Committee For Assessment; For Fulfilling Any Procedures Concerning The Request Of Relevant People Assessed And Decided Upon By The Manager Of The Personal Data Committee As Per The Decision Of The Manager Of The Personal Data Committee; For Inspecting The Storage And Destruction Processes And Reporting Such Inspections To The Manager Of The Personal Data Committee And Implementing The Storage And Destruction Processes.

SECTION 5: PUBLICATION AND STORAGE OF THE POLICY

This Policy Is Published In Two Different Media Being Wet Signed (printed Paper) And Electronic Media And Made Public In The Website. Printed Hardcopy Is Kept At TEKPAN.

SECTION 6: UPDATING AND ADAPTATION

TEKPAN Reserves Its Right To Make Modifications In The Processing And Protection Of Personal Data Policy Or In This Storage And Destruction Of Personal Data Policy Due To Any Amendments Made To The Act, As Per The Company Decisions Or In Accordance With The Developments In The Industry Or In The Area Of Informatics.  

Any Modifications Made In This Storage And Destruction Of Personal Data Policy Are Immediately Entered In The Text And Explanations Regarding Such Modifications Are Given At The End Of The Policy. 

SECTION 7: EFFECTIVE DATE OF THE POLICY

This Policy Is Deemed To Have Become Effective Once It Has Been Published In The Website Of TEKPAN.