PERSONAL DATA LIGHTING TEXT / PERSONAL DATA PROTECTION AND DISPOSAL POLICY
1- Purpose and Scope of the Policy
In order to comply with the Law on Protection of Personal Data No. 6698 published in the Official Gazette dated 07.04.2016 and numbered 29677 and the relevant legal regulations, the procedures and principles adopted and to be applied are regulated by this Personal Data Protection Policy, within the scope of the disclosure obligation of the data controller.
It is carried out within the framework of the legal regulations in force regarding the processing and protection of personal data. BEYSU KONAKLARI SITE MANAGEMENT Personal Data Protection Policy has been prepared in accordance with current regulations. This Policy has been created by integrating with the rules set forth by the relevant legislation and BEYSU KONAKLARI SITE MANAGEMENT practices. Personal data specified below; When necessary, it will be transferred to the physical archives and information systems of our Site, which can be processed within the framework of the provisions of the relevant legislation. As a result, Personal data will be protected in both digital and physical environments for an appropriate period of time, taking into account the legal periods defined in the institutional procedures.
In this Personal Data Processing Policy; Regarding the personal data processed by BEYSU KONAKLARI SITE MANAGEMENT; -Data category, -Personal data processing purposes and legal reason, -Recipient/recipient groups transferred, -Data subject groups, -Maximum storage period required for the purposes for which personal data is processed, -Personal data intended to be transferred to foreign countries, -Data security The technical and administrative measures taken regarding this issue are explained in detail.
BEYSU KONAKLARI SITE MANAGEMENT, Complying with the KVKK and other relevant regulations, and processing, using, destroying, transferring personal data in accordance with the Law and other regulations, and in accordance with the procedures and processes set forth in this Policy. will behave.
Definitions
Concept
Definition
Personal Data:
Any information relating to an identified or identifiable natural person.
Personal health data:
It means all kinds of information about the physical and mental health of an identified or identifiable natural person, and information about the health service provided to the person.
Special Qualified Personal Data:
The data and biometric data related to the race, dress and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures are special personal data.
Open Consent:
Consent on a specific subject, based on the information of the person concerned and expressed with the free will of the person concerned.
Buyer Group:
The category of natural or legal person to whom personal data is transferred by the data controller.
Anonymization:
Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
De-identification:
Personal data; Processing it in a way that cannot be associated with the person concerned, provided that technical and administrative measures are taken so that it cannot be associated with an identified or identifiable natural person, and without combining it with other data stored in a different environment.
Open data:
Anonymized data, which is made available to everyone on the internet free of charge or not exceeding the cost of preparation, does not have any intellectual property rights on it and can be used freely for any purpose, can be read by machines and thus can work with other data and systems,
Open health data:
Health data turned into open data,
Masking:
Processes such as erasing, scratching, painting and starring certain areas of personal data in a way that cannot be associated with an identified or identifiable natural person.
Destruction of personal data:
Deletion, destruction or anonymization of personal data.
Annihilation:
The process of making personal data inaccessible, irretrievable and unusable by anyone in any way.
Periodic Disposal:
The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all of the personal data processing conditions in the law are eliminated.
Blackout:
It is the process of scratching, painting and icing all of the personal data in such a way that it cannot be associated with an identified or identifiable natural person.
Destruction of personal data:
The process of making personal data inaccessible, unrecoverable and reusable by anyone,
Deletion of personal data:
The process of making personal data inaccessible and unusable for the relevant users in any way,
Direct Identifiers:
By themselves, identifiers that directly reveal, reveal and distinguish the person with whom they are in a relationship.
Indirect Identifiers:
Identifiers that combine with other identifiers to reveal, reveal and distinguish the person with whom they are in a relationship.
Law:
Law on Protection of Personal Data dated 24.03.2016 and numbered 6698.
Related User:
Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.
Recording Media:
Any environment where personal data is processed wholly or partially automatically or by non-automatic means provided that it is a part of any data recording system.
Personal Data Processing Inventory:
Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which is created by associating the personal data with the purposes of processing, the data category, the transferred recipient group and the data subject group, by explaining the maximum time required for the purposes for which the personal data is processed, and the measures taken regarding data security.
Processing of Personal Data:
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data completely or partially by automatic or non-automatic means provided that it is a part of any data recording system. Any operation performed on the data, such as blocking.
Board:
Personal Data Protection Board.
Record:
Data controllers registry (VERBIS) kept by the Personal Data Protection Authority.
Data Recording System:
The registration system in which personal data is processed and structured according to certain criteria.
Data Controller:
The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Processor:
They are natural or legal persons outside the organization of the data controller who process personal data on behalf of the data controller based on the authority granted by the data controller.
Contact Person:
It is the person responsible for ensuring the communication between the data controller and the relevant person or the Personal Data Protection Authority. If the data controller is a legal person residing in Turkey, he/she has to appoint a contact person and process the information of this contact person assigned during registration in the Data Controllers Registry to VERBIS.
Personal Data Owner:
The natural person whose personal data is processed (Relevant Person).
Third Party:
Third-party real persons (For example, employees or officials of the company from which the service is received) in order to ensure the security of commercial transactions between our site and the above-mentioned parties or to protect the rights of the said persons and to obtain benefits.
Visitor:
Real persons who have entered the physical areas owned by our institution for various purposes or visited our websites
2- Principles of Processing Personal Data
It carries out personal data processing activities within the framework of the principles and principles listed below in accordance with Article 4 of the KVKK, which regulates the procedures and principles regarding the processing of personal data.
a. Compliance with Law and Integrity
BEYSU KONAKLARI SITE MANAGEMENT processes the personal data of site residents, employees and visitors in accordance with the KVKK and other laws and regulations that must be complied with as per the work done.
b. Being Accurate and Up-to-Date
BEYSU KONAKLARI SITE MANAGEMENT carries out the necessary procedures and takes technical and administrative measures to update the personal data, if the personal data provided by the data owner is not changed without permission and untrue, and if there is a change in the processed data, if requested by the data owner.
c. Processing for Specific, Explicit and Legitimate Purposes
Personal data processed by BEYSU KONAKLARI SITE MANAGEMENT are processed in accordance with the declared processing purpose and within the framework declared.
D. Connected, Limited, and Measured for the Purpose of Processing
BEYSU KONAKLARI SITE MANAGEMENT does not process personal data that does not overlap with the activities of the site, is not required within the framework of the site activities and exceeds the purpose of processing.
to. Retention for the Time Required for the Purpose of Processing or Envisioned in the Relevant Legislation
Your data, which is processed in accordance with the KVKK within the framework of KVKK, in connection with our activities and service purposes undertaken by the Property Ownership Law No. 634 and other relevant legislation, and in a measured manner, as required by the nature of the personal data envisaged in the relevant legislation or processed, which must be kept within the framework of the legislation. are preserved for a period of time.
3- Personal Data Processing Conditions and Exceptional Circumstances
Personal data of general nature to be processed in accordance with the KVKK, in connection with our activities and service purposes, undertaken by BEYSU KONAKLARI SITE MANAGEMENT with the Law No. 634 on Condominium Ownership and other relevant legislation;
-
Provided that the explicit consent of the data owner is obtained, or
-
expressly stipulated in the law,
-
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract.
-
Obligatory for the data controller to fulfill its legal obligation
-
made public by the person concerned,
-
Data processing is mandatory for the establishment, exercise or protection of a right,
-
Provided that it does not harm the fundamental rights and freedoms of the data subject, it can be processed without the explicit consent of the data owner, if there is one of the cases where data is mandatory for the legitimate interests of the data controller.
in accordance with KVKK, in connection with our activities and service purposes undertaken by the Condominium Law No. 634 and other relevant legislation, BEYSU KONAKLARI SITE MANAGEMENT (Site Management)_cc781905-5cde-3194-bb358_bad5 Special categories of personal data to be processed within the framework of its activities;
-
It will not be processed unless the explicit consent of the data owner is obtained,
-
Except for sensitive personal data related to health and sexual life, it can be processed without the explicit consent of the data owner in cases stipulated by the laws,
4- Personal Data Classification
Personal Data
data set
Explanation
Credential:
Employee/ Resident/ Visitor
Written on your identity card; Name, surname, mother's name, father's name, place of birth, date of birth, marital status, religion, blood group, registered province, district and neighborhood and the information written on your identity card without being limited to these.
Contact Information:
Employee/ Resident/ Visitor
Contact data such as home phone number, mobile phone number, residential or other address information, e-mail address.
Personal Information:
Worker
Copy of Identity Card/Driver's License/Passport/ID,
Identity registration sample, Certificate of Residence, Health report, Photocopy of diploma, Criminal record record, Passport photograph, Document stating family status, Military status document, Employment Contract / Service Contract, SSI employment entry declaration, Your criminal record (criminal record), Your health status Information and documents related to permit dataMilitary information, Driver's license information
Bank Account Information:
Employee/ Resident
Bank account number, IBAN number, other information.
Background Information:
Employee / Employee Candidate
Your education information, school information about your education, certificate information, education status and information about your education, written in your CV or requested by BEYSU KONAKLARI SITE MANAGEMENT or given by you,
Place, date and duration of your work experience, information about your previous job and task, all kinds of information about your work experience written in your CV or requested by BEYSU KONAKLARI SITE MANAGEMENT or given by you,
Your photo written in your CV or requested by BEYSU KONAKLARI SITE MANAGEMENT or given by you,
Your driver's license written in your CV or requested by BEYSU KONAKLARI SITE MANAGEMENT or given by you and the information in your driver's license,
Information about your references and references written in your CV or requested by BEYSU KONAKLARI SITE MANAGEMENT or given by you.
Visitor Information:
Visitor
Name, surname, visiting hours, license plate, if any, of visitors to our site, and other information.
5- Purpose and Methods of Personal Data Processing
BEYSU KONAKLARI SITE MANAGEMENT, which works on site management services, needs the processing of Personal data when both directly fulfilling its legal obligations and indirectly required by these obligations and the services provided. In this sense, your personal data is processed by BEYSU KONAKLARI SITE MANAGEMENT in accordance with the legislation, in connection with our activities and service purposes undertaken by the Law No. 634 on Condominium Ownership and other relevant legislation, and in accordance with the legislation.
Regarding the Personal Data of the Residents
In order to fulfill the security and management requirements;
-
Communicating with the residents of the site, sharing the legal processes Creating an invoice record
-
Providing follow-up
-
To inform about the site via e-mail or sms (breakdown, complaint, election etc.)
-
For dues and energy consumption collection
-
Resident proof of residence
-
On-site parking layout
-
Provide visitor tracking
-
Ensuring the card printing process
-
Access control to the site / social facility
-
Keeping and deleting vehicle registration OGS registration
-
To generate statistics
-
Maintaining site registration and utility records
-
Input definition between blocks
-
your business addresses
-
Water, natural gas and electricity consumption
-
Deed information of your residence on our site
-
The rental contract of your house you have rented on our site.
-
Name and surname of your permanent guests
-
Name and surname of your employees
-
Identity information of subcontractors from whom you directly receive services for your residence
Also, high resolution video recording is made with cameras in order to ensure security within our site;
-
All of the cameras are visible in common areas (entrances, fences and roads inside the site), there is no hidden camera.
-
Camera recordings are also made in the management office and social facilities.
-
Regarding Personal Data of Visitors
-
Images of people visiting our site within the framework of camera viewing and recording activities carried out in order to ensure order and security within the site,
-
In order to ensure the security of BEYSU KONAKLARI SITE MANAGEMENT, video surveillance and recording of vehicles entering the parking lot,
-
In order to identify the relevant person in case of any dispute/tort or other situation, visitor forms signed during the visit to our site and visitor list records kept in the site system and visitor information can be processed.
Regarding Personal Data of Employee Candidates
-
BEYSU KONAKLARI SITE MANAGEMENT and initiating, executing and terminating recruitment processes in workplaces, recording recruitment processes and monitoring and improving recruitment processes and procedures,
-
Checking the suitability for the job by forwarding job applications and resumes to the appropriate departments and units and proceeding to the interview process,
-
Determining and examining whether you provide the sufficient and necessary qualifications for the job you are applying for at the time of job application, during the job application process and during any process to be made during the job application,
-
Searching for your references and getting references about you,
-
Being able to contact you as a result of the evaluation made at the end of the job application process,
-
If a suitable position is opened later, you can be informed about the job opportunity by making the necessary evaluations again,
-
BEYSU KONAKLARI's CV information, identity information, contact information and other personal data of the employee candidates are processed in line with the purposes and methods of monitoring and recording with cameras in order to ensure order and security within the SITE.
In Terms of Employee Personal Data
Your personal data may be processed by BEYSU KONAKLARI SITE MANAGEMENT for similar purposes and reasons such as but not limited to the purposes and legal reasons stated below.
Fulfillment of the purpose necessary for the performance of the employment contract, in particular
-
Leave approval of employees, viewing balance leaves, making leave arrangements
-
Execution of employee exit procedures
-
Ensuring payroll processing
-
Making salary payments to employees
In order to fulfill the requirements within the scope of Labor Law, Occupational Health and Safety Law, Social Security Law and related legislation and other laws and regulations, in particular;
-
Creation of personnel file
-
SSI notifications, İŞKUR notifications, police station notification, incentive and legal liability notification
-
Ensuring the opening of a compulsory private pension insurance account
-
Checking the entry and exit records of the employees and determining the match of the camera records with the door entry and exit records for R&D
-
Calculating incentives for R&D
-
Payment of employee salary lien deductions to executive files
-
Making legal notifications of work accident
-
Occupational health and safety procedures
-
To comply with other information retention, reporting and disclosure obligations stipulated by the legislation, relevant regulatory institutions and other authorities.
-
Fulfillment of court orders
In addition, especially for the purpose of ensuring security within the site; _cc781905-5cdeb-581905ccb-1363594bd 136bad5cf58d_
-
Ensuring workplace safety
-
Camera viewing and recording in order to ensure order and security within the site,
-
It is determined that the electronic devices provided by BEYSU KONAKLARI SITE are used in accordance with the purpose of supply and monitoring them in order to ensure their safety.
6-Ensuring the Security of Personal Data
As BEYSU KONAKLARI SITE MANAGEMENT, we carry out the necessary administrative and technical measures within the framework of the necessary technological infrastructure to ensure the security of your personal data that we process within the framework of the Site activities in accordance with the KVKK and relevant legislation; Accordingly, we take precautions against data breaches, unauthorized access, data loss, unauthorized modification of data and other threats, and perform the necessary controls. Despite all these precautions and measures, if a data breach still occurs, we notify the relevant persons and the KVK Institution as soon as possible without delay and within 72 hours at the latest.
In this context, we identify current risks and threats, train our employees to raise awareness, and determine policies and procedures regarding personal data security. Administrative and technical measures taken by our institution to ensure “data security” pursuant to Article 12 of the KVK Law are listed below and necessary controls are carried out in order to properly implement these measures.
A-Technical Measures Taken to Ensure the Legal Storage of Your Personal Data and the Prevention of Unlawful Processing and Access.
-
Personal data storage, processing and access activities are controlled by established technical systems.
-
The technical measures taken are reported to the person concerned.
-
We work with personnel who are knowledgeable in technical matters.
-
Software and hardware including virus protection and firewall systems and firewalls are used.
-
In order to ensure the safe storage of personal data, backup programs are used in accordance with the law.
-
Accesses to data storage areas where personal data are stored are logged within the framework of Law No. 5651, and inappropriate accesses or access attempts are instantly communicated to the concerned.
B- Administrative Measures Taken to Ensure the Lawful Storage of Personal Data and the Prevention of Unlawful Processing and Access
-
Employees are informed and trained about the protection of personal data and the legal storage and processing of personal data.
-
Personnel who will process, store and access personal data have been identified in the personal data processing inventory and have been appointed as the contact person.
-
In order to meet the legal compliance requirements determined on the basis of departments, awareness is created specifically for the relevant departments and rules of practice are determined; Necessary administrative measures to ensure the control of these issues and the continuity of the application are implemented through on-site policies and trainings.
-
Employees are informed that the personal data they learn cannot be disclosed to others in violation of the provisions of the Personal Data Protection Law No. 6698 and cannot be used for purposes other than processing, and that this obligation will continue after they leave their job, and necessary commitments are taken from them in this direction.
-
Except for the instructions of BEYSU KONAKLARI SITE MANAGEMENT and the exceptions brought by the law, records that impose the obligation not to process, disclose or use personal data are placed in the contracts and documents governing the legal relationship between employees, and the awareness of the employees is created in this regard.
In addition to these, in accordance with the data security principles stipulated within the scope of KVKK, we ensure personal data minimization in order not to process unnecessary data, provide our employees with the necessary training to ensure the security of personal data and prevent violations, and take the necessary measures for the security of personal data stored in the physical environment as well as electronic media.
7- Domestic Use and International Transfer of Personal Data
Personal Data of Site Residents and Visitors
Your personal data obtained by BEYSU KONAKLARI SITE MANAGEMENT, primarily within the framework of the provisions of the KVK Law and other legislation and for the purposes described above; It can be transferred to the relevant institutions within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVK Law.
Your processed personal data; For the purposes listed in Article 2; In accordance with the KVKK and the legislation in force, it can be shared within our Management, but not limited to the ones listed; Our service connections, subcontractors, suppliers, management officials and in line with the purpose of the service we provide, or in cases stipulated by the legislation regarding regulatory, supervisory institutions and official authorities, may be transferred within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVK Law. Within our site, video recordings are made with an appropriate location and number of cameras for security purposes; Depending on the purpose listed in article 2, this collected data is not transferred to third parties, except for the request of judicial authorities and security forces within the scope of KVKK.
Personal Data of Employees
Security and personal data to employees in order for our Site to fulfill its obligations before the law, Labor Law, Occupational Health and Safety Law, Social Insurance and General Health Insurance Law, Regulation of Publications Made on the Internet and Fighting Against Crimes Committed Through These Publications, Turkish Commercial Code Relevant institutions or organizations to the extent permitted and required by the Law on the Protection of Personal Data No. 6698, the Law on Notification of Identity and, but not limited to, other legislation; It can be shared with public legal entities such as Personal Data Protection Authority, Ministry of Finance, Ministry of Customs and Trade, Ministry of Labor and Social Security, Turkish Employment Agency (İş-Kur), Information Technologies and Communications Authority. For example; Personal data of employees are shared with the Social Security Institution in order to pay employee and employer premiums.
In addition, personal data of employees; Fulfilling the purpose required for the performance of the employment contract, especially;
-
We can process it in the Logo accounting program for the purpose of executing the payroll transactions and updating the relevant data. These data are stored in the application's own data recording medium.
In particular, in order to fulfill the requirements within the scope of the Labor Law, the Occupational Health and Safety Law, the Social Security Law and related legislation and other laws and regulations;
-
We can share health data with our workplace physician so that he or she can perform treatment and health checks.
-
We can transfer payroll information to site auditors so that they can perform audit activities.
In order to ensure security in the site in particular;
-
We can transfer the workplace to the building management for the supervision of entrances and exits for workplace safety.
In particular, due to fulfilling our legal obligations;
-
In order for us to exercise our right of defense, we may share it with our lawyers and relevant institutions within the framework of our obligation to fulfill legal requests such as court orders or requests for evidence, provided that it is in accordance with the law and procedure.
For the purpose of administering the site, conducting the business, implementing the site policies, in particular;
-
In order to preserve the data storage capacity of the site, it can be transferred to archive companies so that it can be stored during the retention periods.
8- Retention Periods of Personal Data
Personal data processed in the organization within the framework of its activities are kept for the period stipulated in the relevant legislation. In this context, personal data;
-
Law No. 6698 on the Protection of Personal Data,
-
Turkish Code of Obligations No. 6098,
-
Arrangement of Publications on the Internet No. 5651 and These Publications
-
Law on Combating Crimes Committed by
-
Occupational Health and Safety Law No. 6331,
-
Law on Access to Information No. 4982,
-
Law No. 3071 on the Use of the Right to Petition,
-
Labor Law No. 4857,
-
Regarding Health and Safety Measures to be Taken in Workplace Buildings and Attachments
-
It is stored as long as the storage periods stipulated in the framework of other secondary regulations in force in accordance with these laws.
Data Source
Storage Time
Source
Personal Data Protection Board Transactions
10 years
Personal Data Protection Authority Personal Data Retention and Destruction Policy Published by KVKK
Contracts
10 Years From The Termination Of The Agreement
Personal Data Protection Authority Personal Data Retention and Destruction Policy Published by KVKK
Institution Communication Activities
10 Years From End of Activity
Personal Data Protection Authority Personal Data Retention and Destruction Policy Published by KVKK
Human Resources Processes
10 Years From End of Activity
Personal Data Protection Authority Personal Data Retention and Destruction Policy Published by KVKK
Log Tracking Systems
10 years
Personal Data Protection Authority Personal Data Retention and Destruction Policy Published by KVKK
Hardware and Software Access Processes
2 years
Personal Data Protection Authority Personal Data Retention and Destruction Policy Published by KVKK
Camera Recordings
2 years
Personal Data Protection Authority Personal Data Retention and Destruction Policy Published by KVKK
Data Stored under the Labor Law (For example, severance pay, notice indemnity, bad faith compensation, information that may be subject to compensation for violation of the principle of equal treatment, payroll records, number of annual leave days, etc.)
10 Years from the end of the Business Relationship
Labor Law No. 4857 and Related Legislation
Data on Personal Files Stored under the Labor Law
10 Years from the end of the Business Relationship
Labor Law No. 4857 and Related Legislation / Turkish Code of Obligations No. 6098
Data that may be the subject of union compensation from the data stored within the scope of the Labor Law (For example: Performance records, disciplinary penalties, termination documents, etc.)
10 Years from the end of the Business Relationship
Turkish Code of Obligations No. 6098
Data Collected within the Scope of Occupational Health and Safety Legislation (For example: Employment health tests, health reports, OHS Trainings, Occupational Health and Safety activities records, etc.)
15 Years from the end of the Business Relationship
Occupational Health and Safety Law No. 6331, Occupational Health and Safety Services Regulation
Data kept within the scope of SSI Legislation (Ex: employment declarations, bonus/service documents etc.)
10 Years from the end of the Business Relationship
Social Insurance and General Health Insurance Law No. 5510 and Related Legislation
Pursuant to Labor Law: Responding to court/executive information requests regarding the employee
10 Years from the end of the Business Relationship
Labor Law No. 4857 and Related Legislation
Visitor
It is stored for 1 year.
Related Legislation
9-Destruction of Personal Data
-
Personal data processed within the framework of the activities of BEYSU KONAKLARI SITE MANAGEMENT are stored within the framework of the purpose of processing and for the periods required to achieve this purpose and for the storage periods stipulated in the framework of the relevant legislation.
-
The data that has lost its function, whose storage period has expired, and which is requested to be destroyed by the data owner, if possible within the framework of the legislation, is destroyed by using the appropriate method of deletion, destruction or anonymization of the personal data listed in Article 7 of the KVKK.
-
The transactions will be carried out in accordance with the period, procedures and principles specified in the "Regulation on the Deletion, Destruction or Anonymization of Personal Data", "Regulation on the Processing and Confidentiality of Personal Health Data" and "Regulation on Personal Health Data".
-
BEYSU KONAKLARI SITE MANAGEMENT has determined the period of periodic destruction as 6 months. Accordingly, periodic destruction is performed in relation to the data whose storage period expires in June and December every year at the Institution.
-
All transactions regarding the deletion, destruction or anonymization of personal data are recorded and these records are kept for at least three years, excluding other legal obligations.
10- Environments where Personal Data is Recorded
Personal data belonging to data owners, provincial personal health data are securely stored in the following environments in accordance with KVKK and relevant legislation.
-
Electronic Media :, Personnel Computers.
-
Physical Environments _cc781905-5cde-3194_cfcf358d1936bad5cf358d_cc781905-cc358d_cc781905-cc35819bad5cf58d_ _cc781905-5cf358d133655cf3581994 -3194-bb3b-136bad5cf58d_ : Physical environments in administrative areas in Site Management Internal Archive, External Archive, Site Management departments.
11- Persons Managing and Working in the Process of Storage and Disposal of Personal Data
Authorized and responsible persons involved in the storage and destruction of personal data and personal health data have been identified and appointed as contact persons.
12- Technical and Administrative Measures Taken for the Legal Disposal of Personal Data
-
Secure Deletion from Software: While deleting data processed by fully or partially automated means and stored in digital media; Methods for deleting the data from the relevant software are used so that it cannot be accessed and reused in any way for the relevant users.
-
Deletion of Relevant Data in the Cloud System by Giving the Delete Command: Removing the access rights of the relevant user on the file on the central server or the directory where the file is located; deletion of related rows in databases with database commands; Deleting the data in portable media, ie flashdisk media, using appropriate software may be considered within this scope.
However, if the deletion of personal data will result in the inaccessibility of other data within the system and the inability to use this data, the personal data will also be deemed deleted if the personal data is archived in a way that cannot be associated with the data subject, provided that the following conditions are met.
-
Being closed to the access of any other institution, organization or person,
-
Taking all necessary technical and administrative measures to ensure that personal data can only be accessed by authorized persons.
-
Secure Deletion by Expert: In some cases, BEYSU KONAKLARI SITE MANAGEMENT may agree with an expert to delete personal data on its behalf. In this case, the personal data will be securely deleted by the person who is an expert on this subject so that it cannot be accessed and reused in any way for the Relevant Users.
-
Blackening of Personal Data in Paper Media: It is the method of physically cutting and removing the relevant personal data from the document in order to prevent the unintended use of personal data or to delete the data requested to be deleted, or to make them invisible by using fixed ink, which cannot be returned and read with technological solutions. When necessary, personal data in paper media can be destroyed by using this method.
-
Physical Destruction: Personal data can also be processed by non-automatic means, provided that they are part of any data recording system. While such data is destroyed, a system of physical destruction of personal data is applied so that it cannot be used later. The destruction of data in paper and microfiche media is also carried out in this way, since it is not possible to destroy them in any other way. Paper shredding and document shredding machines can be used for this purpose.
During the realization of the situations listed above, full compliance with the provisions of the KVKK, the Regulation and other relevant legislation is ensured in order to ensure data security and all necessary administrative and technical measures are taken.
13- Periodic Destruction Period of Personal Data
BEYSU KONAKLARI SITE MANAGEMENT anonymizes personal data that has expired and does not have any other data processing purpose that requires the storage of personal data, within 180 days (6 months) following the expiry of the storage period.
Personal data under the responsibility of BEYSU KONAKLARI SITE MANAGEMENT will be checked periodically, and those whose processing conditions have not been completely eliminated will be deleted, destroyed or anonymized.
Your personal data will be deleted, destroyed or anonymized in the first periodical destruction process following the date on which the obligation to delete, destroy, de-identify or anonymize personal data arises. This period will probably not exceed six months.
In the event that irreparable or impossible damages arise and there is a clear violation of the law, the Board may shorten the period specified in this article. In this case, the deletion process will be carried out not to exceed the new period to be determined by the board.
14- Periods for Ex officio Deletion, Destruction or Anonymization of Personal Data
Your personal data will be deleted, destroyed or anonymized in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises. This period will probably not exceed six months. In the event that irreparable or impossible damages arise and there is a clear violation of the law, the Board may shorten the period specified in this article.
15- Periods to be Applied to the Request for the Deletion, Destruction or Anonymization of the Personal Data of the Data Owner
The data owner submits his requests regarding the implementation of the Law to the BEYSU KONAKLARI SITE MANAGEMENT in writing or by other methods to be determined by the Board. BEYSU KONAKLARI SITE MANAGEMENT accepts the request or rejects it by explaining its reason and notifies the relevant person in writing or electronically as soon as possible and within 30 days at the latest. If the request in the application is accepted, the necessary will be fulfilled.
If the processing conditions of the personal data subject to the request are no longer valid, the personal data subject to the request is deleted, destroyed, de-identified or anonymized.
The appropriate method of deleting, destroying or anonymizing personal data ex officio will be selected by BEYSU KONAKLARI SITE MANAGEMENT. Upon the request of the relevant person, BEYSU KONAKLARI SITE MANAGEMENT chooses the appropriate method by explaining the reason.
If the personal data subject to the request has been transferred to third parties, this will be notified to the third party; It will be ensured that the necessary actions are taken within the scope of the Regulation on the Deletion, Destruction or Anonymization of Personal Data before the third party.
16- Rights of Personal Data Owner
Regarding the personal data processed within the scope of the activities of BEYSU KONAKLARI SITE MANAGEMENT, the data owner can apply to BEYSU KONAKLARI SITE MANAGEMENT within the framework of your rights numbered in Article 11 of the KVVK and Article 10 of the Regulation;
-
Learning whether personal data and/or personal health data are processed,
-
If personal data and/or personal health data have been processed, requesting information regarding this,
-
Accessing and requesting personal health data,
-
Learning the purpose of processing personal data and/or personal health data and whether they are used in accordance with their purpose,
-
Requesting correction of personal data and/or personal health data in case of incomplete or incorrect processing,
-
Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK and the deletion of personal health data within the framework of the conditions stipulated in the amended Article 9 of the Regulation,
-
Requesting notification of the transactions made in accordance with the principles set forth in subparagraphs (f) and (g) of this article, to third parties to whom personal data/personal health data have been transferred,
-
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
-
In the event that personal data is damaged due to unlawful processing, it has the right to demand the compensation of the damage.
17- Final Provisions
In the event that the relevant PERSON uses the above-mentioned rights and makes an application to BEYSU KONAKLARI SITE MANAGEMENT, the requests included in the application will be finalized within thirty (30) working days at the latest, depending on the nature of the request. However, if the transaction requires a separate cost for us, the fee in the tariff determined by the Personal Data Protection Board may be requested.
In matters related to the processing of personal data, you can apply by filling out the "Personal Data Request Form" at the website's address internet, using the methods specified in the form and the method suitable for the person concerned.
Click for Personal Data Request Form.
BEYSU KONAKLARI SITE MANAGEMENT CONTACT INFORMATION
Address: _cc781905-5cde-3159cfcf-3135359c-bb358-dc1335359cf58d_ _cc781905-5cde-3159c-1335359c-bb358_d31359cbad_cc781905 -3194-bb3b-136bad5cf58d_ MUTLUKENT MAH. PINAR CD. NO:14 CANKAYA/ANKARA
Phone _cc781905-5cde-3194-bb3b-13625 54f
Web _cc781905-5cde-3159cfcf-3135359c-bb358-d1335359cf58d_ _cc781905-5cde-3178dc_1335359cbad_cc781905c -3194-bb3b-136bad5cf58d_https://www.beysukonaklarisite.com/
Contact Person: SEMA KIRICIOĞLU