Işıksan Automotive Industry. ve Tic. Ltd. Sti.
PERSONAL DATA STORAGE AND DISPOSAL POLICY
LOGIN
1.1 Purpose of the Policy
This storage and destruction policy is signed by Işıksan Otomotiv San. ve Tic. Ltd. Sti. Briefly (“Işıksan Otomotiv”), it has been prepared in order to determine the procedures and principles to be applied by Işıksan Automotive regarding the storage, deletion, destruction or anonymization of personal data held in the capacity of data controller, in accordance with the Law on Protection of Personal Data No. 6698 and other legislation.
In this context, the personal data of employees, employee candidates, customers, visitors and all real persons who have personal data at Işıksan Otomotiv for any reason are managed in accordance with the laws within the framework of Işıksan Otomotiv Personal Data Protection and Processing Policy and this Personal Data Retention and Disposal Policy.
1.2 Scope of the Policy
This policy is valid with company partners, company shareholders, company officials, employees, employee candidates, interns, trainee candidates, company customers, company customers, potential product or service buyers, supplier employees, supplier representatives, visitors, consultants and third parties. It covers all natural persons and their personal data who have personal data before Işıksan Otomotiv for any reason. Işıksan Automotive, by publishing this policy on the internet address www.isiksan.com/kvkk, fulfills its obligation in Article 16 of the Law on the Protection of Personal Data and Article 5 of the Regulation on the Deletion, Destruction or Anonymization of Personal Data. informs data owners.
This Policy is applied in all recording environments where personal data is processed within Işıksan Otomotiv, and in the activities for the processing of personal data by fully or partially automated means or non-automatic means provided that they are part of any data recording system.
1.3 Definitions
Explicit Consent: The declaration of consent given by the data subject to the processing of data about him/her freely, with sufficient knowledge about the subject and limited only to that transaction,
Recipient Group: The natural or legal person category to which personal data is transferred by the data controller,
Electronic Media: Environments where personal data can be created, read, changed and written with electronic devices,
Non-Electronic Media: All written, printed, visual etc. other than electronic media. other environments,
Destruction: Deletion, destruction or anonymization of personal data,
Law: Law on Protection of Personal Data No. 6698,
Recording Environment: Any environment where personal data is processed wholly or partially automatically or non-automatically provided that it is a part of any data recording system,
Personal Data: Any information relating to an identified or identifiable natural person,
Personal Data Owner/Relevant Person: The real person whose personal data is processed,
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, all kinds of operations carried out on the data, such as the classification or prevention of its use,
Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on their business processes; The inventory they have created by associating the personal data with the purposes of processing, the data category, the transferred recipient group and the data subject group, explaining the maximum time required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security,
Making Personal Data Anonymous: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data,
Deletion of Personal Data: Making personal data inaccessible and unusable for the relevant users in any way.
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone,
Board: Personal Data Protection Board,
Sensitive Personal Data: Data about the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data,
Periodic Destruction: In the event that all of the personal data processing conditions in the law are eliminated, in the personal data storage and destruction policy.
deletion, destruction or anonymization to be carried out ex officio at specified and recurring intervals,
Policy on the Processing and Protection of Personal Data: The policy that determines the procedures and principles regarding the management of personal data held by Işıksan Otomotiv, which can be accessed at www.isiksan.com/kvkk and this Policy on which they are based for the anonymization process,
Registry: The registry of data controllers kept by the Presidency of the Personal Data Protection Authority,
Company: Işıksan Otomotiv San. ve Tic. Ltd. Sti. (Isiksan Automotive for short)
Data Processor: The natural and legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller;
Data Registration System: The registration system in which personal data is processed and structured according to certain criteria;
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
VERBIS: Data Controllers Registry Information System
Regulation: Refers to the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017. For definitions not included in this Policy, the definitions in the Law and Regulation are valid.
RECORDING ENVIRONMENTS
Personal data is stored safely by Işıksan Otomotiv in the following environments, in accordance with the law.
Table 1: Recording Media
Electronic Media
Non-Electronic Media
§ Network devices,
§ Shared/non-shared disk drives used for data storage on the network Software (office software)
§ Information security devices (firewall, intrusion detection and prevention, log file, anti virus, etc.)
§ Removable Disks (USB, Memory Card etc.)
§ Personal Computers (Desktop, Laptop)
§ Mobile Devices (phone, tablet, etc.)
§ Optical Discs (CD, DVD, etc.)
§ Servers (Domain, backup, email, database, web, file sharing, etc.)
§ Printer, scanner, copier
§ Software (office software)
§ Printer, scanner, copier
§ Archive
§ Paper
§ Manual Data Recording Systems (survey forms, visitor logbook)
§ Written, printed, visual media
§ Unit cabinets.
EXPLANATIONS ON STORAGE AND DISPOSAL
By Işıksan Automotive; company partners, company shareholders, company officials, employees, employee candidates, interns, trainee candidates, company customers, prospective customers, customer representatives and employees, potential product or service buyers, suppliers, supplier employees, supplier representatives, visitors, consultants and third parties , business partners, people who purchase products or services, and all real persons who have personal data at Işıksan Otomotiv for any reason, can be processed, stored and destroyed in accordance with the procedures and principles in the Law, Regulation and relevant legislation.
In this context, explanations regarding storage and disposal are given below.
3.1 Retention Disclosures
In Article 3 of the KVKK, the concept of processing personal data is defined, in Article 4 it is stated that the processed personal data should be related to the purpose for which they are processed, limited and measured, and should be kept for the period required for the purpose for which they are processed or as stipulated in the relevant legislation. processing conditions.
Accordingly, within the framework of Işıksan Otomotiv activities, personal data is stored for a period of time stipulated in the relevant legislation or suitable for our processing purposes.
3.1.1 Legal Grounds for Retention
Personal data processed within the scope of Işıksan Otomotiv activities are kept for the period stipulated in the relevant legislation. Personal data can be processed for the following legal reasons specified in Articles 5 and 6 of the KVKK.
express consent of the person concerned
Explicitly stipulated in laws (Personal Data Protection Law No. 6698, Turkish Code of Obligations No. 6098, Law No. 6502 on Protection of Consumers, Banking Law No. 5411, Regulation on Employment of Disabled, Ex-Convicts and Terrorist Victims, Turkish Commercial Code No. 6102, Tax Procedure No. 213 Law, Regulation on Internet Collective Use Providers, Execution and Bankruptcy Law No. 2004, Social Insurance and General Health Insurance Law No. 5510, Occupational Health and Safety Law No. 6331, Occupational Health and Safety Services Regulation, Labor Law No. 4857, Workplace Buildings and Attachments Regulation on Health and Safety Measures to be Taken, Regulation on Archive Services, Other Regulations in Force Under These Laws)
Being obligatory for the protection of life or bodily integrity of himself or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally recognized.
Be directly involved in the conclusion or performance of a contract
It is necessary to process the personal data of the parties to the contract, provided that the
It is mandatory for the data controller to fulfill its legal obligation.
The fact that the person concerned has been made public by himself
Data processing is mandatory for the establishment, exercise or protection of a right
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
3.1.2. Processing Purposes Requiring Storage
Işıksan Otomotiv stores the personal data it processes within the framework of its activities for the following purposes.
Execution of Emergency Management Processes
Execution of Information Security Processes
Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Execution of Application Processes of Employee Candidates
Execution of Employee Satisfaction and Loyalty Processes
Fulfillment of Employment and Legislation Obligations for Employees
Execution of Benefits and Benefits Processes for Employees
Conducting Audit / Ethical Activities
Conducting Educational Activities
Execution of Access Authorizations
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Company / Product / Services Loyalty Processes
Providing Physical Space Security
Execution of Assignment Processes
Follow-up and Execution of Legal Affairs
Carrying out Internal Audit / Investigation / Intelligence Activities
Execution of Communication Activities
Planning of Human Resources Processes
Execution / Supervision of Business Activities
Execution of Occupational Health / Safety Activities
Receiving and Evaluating Suggestions for Improvement of Business Processes
Conducting Business Continuity Ensuring Activities
Ensuring Quality Standards
Controlling Entries and Exits to the Institution Building and Preventing Unauthorized Entrances
Execution of Logistics Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After-Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Goods / Services Production and Operation Processes
Execution of Customer Relationship Management Processes
Execution of Activities for Customer Satisfaction
Organization and Event Management
Conducting Marketing Analysis Studies
Execution of Performance Evaluation Processes
Execution of Advertising / Campaign / Promotion Processes
Execution of Risk Management Processes
Execution of Storage and Archive Activities
Conducting Social Responsibility and Civil Society Activities
Execution of Contract Processes
Execution of Sponsorship Activities
Follow-up of Requests / Complaints
Ensuring the Security of Movable Property and Resources
Execution of Supply Chain Management Processes
Execution of Wage Policy
Execution of Marketing Processes of Products / Services
Arranging Product Invoices
Execution of Product Sales Policy
Foreign Personnel Work and Residence Permit Procedures
Execution of Investment Processes
Execution of Talent / Career Development Activities
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Management Activities
Fulfilling the Obligations of the Members of the Board of Directors Arising from the Turkish Commercial Code Legislation
Creating and Tracking Visitor Records
3.2 Reasons for Disposal
Your Personal Data;
Changing or repealing the provisions of the relevant legislation, which are the basis for processing,
The disappearance of the purpose requiring its processing or storage,
In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject withdraws his explicit consent,
Işıksan Otomotiv accepts the application made for the deletion and destruction of personal data within the framework of the rights of the person concerned, pursuant to Article 11 of the KVKK,
Elimination of the processing conditions of personal data in Articles 5 and 6 of the Law,
In cases where Işıksan Automotive rejects the application made by the person concerned with the request for the deletion, destruction or anonymization of his personal data, finds the answer insufficient or does not respond within the time stipulated in the KVKK; Making a complaint to the Board and this request being approved by the Board,
The maximum period for keeping personal data has passed and there are no conditions to justify keeping personal data for a longer period of time,
In such cases, it is deleted, destroyed or ex officio deleted, destroyed or anonymized by Işıksan Automotive upon the request of the person concerned.
PERSONAL DATA DISPOSAL TECHNIQUES
At the end of the storage period required for the period stipulated in the relevant legislation or for the purpose for which they are processed, personal data is destroyed by Işıksan Automotive ex officio or upon the application of the Relevant Person, again in accordance with the provisions of the relevant legislation, with the following techniques.
Unless a contrary decision is taken by the Board, personal data will not be collected automatically.
Işıksan Automotive chooses the appropriate method of deletion, destruction or anonymization. However, upon the request of the person concerned, the appropriate method is chosen by explaining the reason.
4.1 Deletion of Personal Data
Deletion of personal data is the process of making personal data inaccessible and non-reusable for relevant users. Personal data processed by Işıksan Otomotiv are deleted from their recording media in the ways specified in Table 2 below;
Table 2: Deletion of Personal Data
Data Recording Environment
Descriptions
Personal Data on Servers
The system administrator removes the access authorization of the relevant users and deletes the personal data on the servers for those whose period of time has expired.
Personal Data in Electronic Media
Among the personal data in the electronic environment, the ones whose period has expired are rendered inaccessible and non-usable in any way for other employees (related users) except the database administrator.
Personal Data in Physical Environment
Among the personal data kept in the physical environment, it is made inaccessible and non-usable in any way for other employees, except for the unit manager responsible for the document archive, for those whose period of time has expired. In addition, the process of blackening is applied by drawing/painting/erasing in a way that cannot be read.
Personal Data in Portable Media
Of the personal data kept in flash-based storage media, the expired ones are encrypted by the system administrator and the access authorization is given only to the system administrator, and are stored in secure environments with encryption keys.
in the Database
Relevant lines containing personal data are deleted with database commands (DELETE etc.).
On Company Computers
Personal data is accessed by authentication and deleted using operating system commands.
4.2 Destruction of Personal Data
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way. Personal data processed by Işıksan Automotive are destroyed from the recording media in which they are located, as indicated in Table 3 below;
Table 3: Destruction of Personal Data
Data Recording Environment
Descriptions
Personal Data in Physical Environment
Physical Destruction
Of the personal data in the paper environment, the ones that need to be kept are irreversibly destroyed in the document shredders.
Destruction Methods for Personal Data Held in Local Digital Environment
Physical Destruction
It is the process of physically destroying optical and magnetic media containing Personal Data, such as melting, burning or pulverizing. Data is rendered inaccessible by processes such as melting, incinerating, pulverizing or passing through a metal grinder to optical or magnetic media.
Methods of Destroying Personal Data Held in the Cloud
Safely Delete from Software
Personal data kept in the cloud is irrecoverably deleted by digital command, and when the cloud service relationship ends, all copies of encryption keys required to make personal data usable are destroyed. Data deleted in this way cannot be accessed again.
4.3 Anonymization of Personal Data
Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data. Personal data processed by Işıksan Automotive are anonymized from their recording media in the ways specified in Table 4 below;
Table 4: Anonymization of Personal Data
Data Recording Environment
Descriptions
Regional Hiding
It is the process of deleting the information that may be distinctive about the exceptional data in the data table in which the personal data is collected in an anonymous form.
Subtracting Variables
It is the removal of one or more of the direct identifiers included in the personal data of the data subject and which will help to identify the person concerned in any way.
This method can be used to anonymize personal data, or it can also be used for deletion of personal data if there is information that is not suitable for the purpose of data processing.
Generalization
It is the process of bringing together the personal data of many people and turning them into statistical data by removing their distinctive information.
Masking
Data masking is a method of anonymizing personal data by removing the basic identifying information of personal data from the data set.
Data Exchange
Direct or indirect identifiers in personal data are mixed with other values or their relationship with the relevant person is broken and they lose their descriptive qualities.
he cries.
STORAGE AND DISPOSAL TIMES
While determining the retention periods of personal data, the obligations brought by the legal regulations are taken into consideration by Işıksan Otomotiv. Apart from legal regulations, the storage period is determined by taking into account the purposes of processing personal data and Işıksan Otomotiv's legitimate interest in processing such personal data. In this context, first of all, it is determined whether a period is foreseen for the storage of personal data in the relevant legislation. If a period of time is not foreseen in the relevant legislation, personal data are kept for the period required for the purpose for which they are processed. Unless otherwise decided by the Board, the appropriate method of deleting, destroying or anonymizing personal data is chosen by Işıksan Otomotiv.
Table 5: Storage Times
GROUP OF PERSONS WITH DATA PROCESSED
DATA CATEGORY
DATA STORAGE PERIOD
Worker
Identity, Location, Communication, Personnel, Legal Action, Physical Space Security, Process Security, Professional Experience, Audio-Visual Records, Position and Title Data, Employee Relative Information.
It is kept for 10 (ten) years from the termination of the employment contract.
Worker
Health
It is kept for 15 (fifteen) years from the termination of the employment contract. (Occupational Health and Safety Services Regulation Art. 7)
Employee Candidate
Identity, Communication, Legal Action, Professional Experience, Audio-Visual Records, Position and Title Data.
6 months from the date of application for the job, 10 years from the termination of the employment contract
Instructor
Identity, Signature, Finance
1 month from the end of the training
Visitor
Identity, Physical Space Security
6 Months from the date the visitor record was created
Website Visitor
Transaction Security
2 Years from the creation of the record
Product/Service User
Identity, Communication, Transaction Security, Customer Transaction,
Each product/service purchased by the service recipient is kept for 10 (ten) years in accordance with the Turkish Code of Obligations art.146 and Turkish Commercial Code art.82.
Product/Service User
Physical Space Security
6 Months in Ordinary Times, Timeout in Legal Cases
Institutions/Companies with which Işıksan Automotive cooperates (Supplier, Dealer/Franchise)
Identity, Contact Information, Financial Information,
It is kept for 10 years during the business/commercial relationship and after its termination, pursuant to art.146 of the Turkish Code of Obligations and art.82 of the Turkish Commercial Code.
If a longer period is stipulated in accordance with the legislation, or in accordance with the legislation, the statute of limitations, foreclosure period, retention periods, etc. If a longer period is foreseen for the storage period, the periods in the provisions of the legislation are considered as the maximum storage period.
5.1 Disposal Times
Işıksan Otomotiv deletes personal data in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data for which it is responsible in accordance with KVKK, relevant legislation, Personal Data Processing and Protection Policy and this Personal Data Retention and Disposal Policy arises, destroy or anonymize.
When the person concerned requests the deletion or destruction of his personal data by applying to Işıksan Otomotiv, pursuant to Article 13 of the KVKK;
If all the conditions for processing personal data have disappeared; Işıksan Otomotiv deletes, destroys or anonymizes the personal data subject to the request with the appropriate destruction method, explaining the reason within 30 (thirty) days from the day it receives the request. In order for Işıksan Otomotiv to be deemed to have received the request, the person concerned must have made the request in accordance with Işıksan Otomotiv's Personal Data Processing and Protection Policy announced on the official website. Işıksan Automotive informs the relevant person about the transaction in any case.
If all the conditions for processing personal data have not been eliminated, this request may be rejected by Işıksan Automotive by explaining the reason in accordance with the third paragraph of Article 13 of the KVKK, and the refusal is notified to the relevant person in writing or electronically within thirty days at the latest.
5.2 Periodic Disposal
In the event that all the conditions for processing personal data in the law are eliminated; Işıksan Otomotiv deletes, destroys or anonymizes the personal data whose processing conditions have been eliminated, through a process to be carried out ex officio at repetitive intervals as specified in this Personal Data Retention and Disposal Policy.
Işıksan Automotive has determined the period of periodic destruction as 6 months in accordance with Article 11 of the Regulation.
6. TECHNICAL AND ADMINISTRATIVE MEASURES
Adequate measures determined and announced by the Board for special quality personal data pursuant to Article 12 of the KVKK and the fourth paragraph of Article 6 of the KVKK for the safe storage of personal data, the prevention of unlawful processing and access, and the destruction of personal data in accordance with the law. Isiksan Automotive within the framework of technical and administrative
receipts are taken.
6.1 Technical Measures
The technical measures taken by Işıksan Automotive regarding the personal data it processes are listed below.
Network security and application security are provided.
Işıksan Automotive maintains technical tools and equipment suitable for each disposal method in this policy.
With the penetration tests, Işıksan Otomotiv takes necessary precautions by revealing the risks, threats, vulnerabilities and vulnerabilities, if any, regarding information systems.
Risks to prevent unlawful processing of personal data are determined, appropriate technical measures are taken against these risks, and technical controls are carried out for the measures taken.
Inappropriate access or access attempts are kept under control by recording the accesses to the storage areas where personal data is stored.
Işıksan Automotive takes the necessary measures to ensure that the deleted personal data is inaccessible and reusable for the relevant users.
Data backup programs are used to keep personal data safe.
A separate policy has been determined for the security of sensitive personal data.
Special quality personal data security training has been provided for employees involved in special quality personal data processing, confidentiality agreements have been made, and the authorizations of users who have access to data have been defined.
Adequate security measures are taken for physical environments where sensitive personal data is processed, stored and/or accessed, and unauthorized entry and exit is prevented by ensuring physical security.
Training and awareness activities are carried out periodically for employees on data security.
An authorization matrix has been created for employees.
Access logs are kept regularly.
The authorizations of employees who have a change of job or quit their job in this field are removed.
Current anti-virus systems are used.
Firewalls are used.
Physical environments containing personal data are secured against external risks (fire, flood, etc.).
Personal data is reduced as much as possible.
User account management and authorization control system are implemented and these are also followed.
Encryption is done.
6.2 Administrative Measures
The administrative measures taken by Işıksan Automotive regarding the personal data it processes are listed below.
Efforts are being made to increase the awareness and raise awareness of the employees who will carry out the destruction process on information security, personal data and privacy.
Legal and technical consultancy services are provided in order to follow the developments in the fields of information security, privacy, protection of personal data and safe destruction techniques and to take necessary precautions.
In cases where it has the destruction process done by third parties due to technical or legal requirements, it signs a confidentiality agreement with the relevant third parties in order to protect personal data, and shows all necessary care to ensure that the relevant third parties comply with their obligations in this confidentiality agreement.
It periodically monitors whether the disposal operations are carried out in accordance with the law and the conditions and obligations set forth in this Personal Data Retention and Disposal Policy, and takes the necessary measures.
Personal data processing inventory has been prepared.
A disciplinary regulation to be applied for employees who do not comply with security policies and procedures has been prepared.
Periodic and random inspections are carried out within the institution.
Confidentiality agreements are being prepared. Within the scope of confidentiality agreements, additional provisions regarding the protection of personal data are regulated.
KVKK Awareness Trainings are given to Blue Collar/White Collar personnel working within Işıksan Automotive.
Confidentiality Agreements are prepared between Işıksan Automotive, the Data Controller, and the Data Processor.
The person appointed as the Contact Person is announced in the Clarification Texts.
Clarification Texts for Employees/Visitors/Service Recipients are being prepared.
Employment Contracts of the personnel working within Işıksan Automotive are brought into compliance with the KVKK.
Camera Systems Lighting Texts are hung in the form of tables in all places with Camera Systems.
Computer Usage Instructions are prepared for the personnel working in Işıksan Automotive.
Access Restriction is applied in terms of rooms where personal data regarding the personnel working within Işıksan Automotive is stored.
Physical environments containing personal data are secured against external risks (fire, flood, etc.).
Information texts to protect department-based personal data are announced.
The Personal Data Protection Committee was established.
The authorizations of employees who have a change of job or quit their job in this field are removed.
The signed contracts contain data security provisions.
Monitoring personal data security
is done.
PERSONAL DATA PROTECTION COMMITTEE
Within Işıksan Otomotiv, a Personal Data Protection Committee was established based on the decision of the Board of Directors. The Personal Data Protection Committee is authorized and in charge of taking the necessary actions and supervising the processes for the storage and processing of the data of the persons concerned in accordance with the law, Işıksan Otomotiv Personal Data Processing and Protection Policy and Işıksan Automotive Personal Data Retention and Disposal Policy.
The Personal Data Protection Committee consists of at least three people, including a chairman, an administrative expert, and a technical expert. The titles and job descriptions of Işıksan Otomotiv employees working in the Personal Data Protection Committee are listed below. The Personal Data Protection Committee takes its duties and responsibilities from the decisions of the Company's board of directors.
Table 6: Personal Data Protection Committee
Title
Job Description
Chairman of the Personal Data Protection Committee
To direct all kinds of planning, analysis, research and risk determination studies in the projects carried out in the process of compliance with the Law; It is obliged to manage the processes to be carried out in accordance with the KVKK, Işıksan Otomotiv Personal Data Processing and Protection Policy and Işıksan Otomotiv Personal Data Retention and Disposal Policy and to decide on the requests received by the relevant persons.
KVKK Specialist (Technical and Administrative)
Reporting the requests of the persons concerned to the Personal Data Protection Committee Manager for review and evaluation; Fulfilling the transactions regarding the requests of the persons evaluated and decided by the Personal Data Protection Committee Manager in accordance with the decision of the Personal Data Committee Manager; auditing the storage and destruction processes and reporting these audits to the Personal Data Committee Manager; Responsible for the execution of storage and destruction processes.
PUBLICATION AND STORAGE OF THE POLICY
The policy is published in two different media, with wet signature (printed paper) and electronically, and is disclosed to the public on the website. The printed paper copy is also kept in the file by the Chairman of the Personal Data Protection Committee.
UPDATE PERIOD OF THE POLICY
Required sections of the policy are reviewed when needed, and necessary sections are updated. Changes made in this Personal Data Retention and Disposal Policy are immediately processed in the text and explanations regarding the changes are announced at the end of the policy. The updates to be made in Işıksan Otomotiv's Personal Data Retention and Disposal Policy will be published at www.isiksan.com/kvkk.
ENFORCEMENT OF THE POLICY
This policy … / …. / .…. enters into force on. The policy is published on Işıksan Automotive's website indefinitely and can be directly communicated to the requesting personal data owner by sharing a text or access link. If it is decided to repeal the Policy, old copies of this Policy with wet signatures are canceled and signed by the relevant unit and are kept for 5 years.
Cookies and similar tools are used on our website to improve performance and improve your user experience. For this purpose, unlike others, Adobe Analytics is used. By continuing to browse our site, you agree to the use of these tools. For more information about the cookies we use and how to change your settings, please see the privacy policy and KVKK section.
Reddet Kabul Ediyorum