All transactions regarding the deletion, destruction and anonymization of personal data are recorded and these records are kept for at least three years, excluding other legal obligations.
Regarding the monitoring of the periodical destruction process, Sarmaşık Giyim is obliged to register with the Data Controllers Registry before processing the data, and to take all administrative and technical measures throughout the process.
EMPLOYEE
Within the scope of the PDP Law, Sarmaşık Giyim, as the data controller, provided the necessary personnel training on the Protection of Personal Data, and informed the employees and those in charge about the destruction processes.
In this context, each department manager will be obliged to supervise whether the Relevant Users in the departments act in accordance with this Policy and Personal Data Policy prepared within the framework of the Law and Regulation. All department managers will report the transactions they perform in accordance with this Policy during the specified periodical destruction periods to the Information Processing Manager. The IT Manager will present the audit and transaction reports of all department managers to the Board of Directors at the meetings. In cases where a decision needs to be taken, the decision taken after the decision of the Board of Directors after taking the opinion of the IT Manager will be put into practice.
APPLICATION OF THE RELATED PERSON
The person concerned may request the deletion or destruction of their personal data by applying to Sarmaşık Giyim with an application petition attached to the Personal Data Policy, pursuant to Article 13 of the PDP Law and Article 12 of the Regulation.
If all the conditions for processing personal data have disappeared; The data controller deletes, destroys or anonymizes the personal data subject to the request. The data controller finalizes the request of the data subject within thirty days at the latest and informs the data subject.
If all the conditions for processing personal data have been removed and the personal data subject to the request has been transferred to third parties, the data controller notifies the third party; It ensures that the necessary actions are taken within the scope of the Regulation before the third party.
If all the conditions for processing personal data are not eliminated, this request may be rejected by the data controller by explaining the reason, and the refusal is notified to the relevant person in writing or electronically within thirty days at the latest.
Sarmaşık Giyim may refuse to delete the personal data of the data controller for the following reasons:
(1) Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.
(2) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
(3) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.
(4) Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
(5) The processing of personal data is necessary for the prevention of crime or for criminal investigation.
(6) Processing of personal data made public by the personal data owner.
(7) Personal data processing is required by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution based on the authority granted by the law.
(8) The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
(9) The possibility that the request of the personal data owner may prevent the rights and freedoms of other persons
(10) Requests that require disproportionate effort have been made
(11) The requested information is publicly available information.
Exercise of Personal Data Owner's Rights
By filling in and signing an application petition attached to the Personal Data Policy, with the information and documents that will identify their requests regarding their rights in this section, and with the methods specified below or other methods determined by the Personal Data Protection Board.
They will be able to send to Sarmaşık Giyim free of charge:
(a) an E-mail to be sent to the E-mail address [email protected] ,
(b) Ehlibeyt Mah. 6.Sokak No:25-B Balgat Çankaya/ANKARA in person or by sending an Application Form through a notary public.
In order for third parties to apply on behalf of personal data owners, a special power of attorney issued by the data owner through a notary public on behalf of the person to apply must be present.
Right of Personal Data Owner to Complain to the PDP Board
In cases where the application is rejected, the response given is insufficient, or the application is not answered in due time, in accordance with Article 14 of the Personal Data Owner PDP Law; Sarmaşık Giyim can make a complaint to the PDP Board within thirty days from the date of learning the answer and in any case within sixty days from the date of application.
Information that Sarmaşık Giyim may request from the Applicant Personal Data Owner
Sarmaşık Giyim may request information from the person concerned in order to determine whether the applicant has personal data. Sarmaşık Giyim may ask questions about the application of the personal data owner in order to clarify the issues in the application of the personal data owner.
ATTACHMENTS
APPENDIX 1-Data Retention and Disposal Periods