SECTION: NATURE AND PURPOSE OF THE STORAGE AND DISPOSAL POLICY
1.1. INTRODUCTION
This storage and disposal policy has been prepared by BERFİN TRIKO TEKSTİL SAN. VE TİC. LTD. ŞTİ./MİSS DALIDA (briefly, “Miss Dalida”) for the purpose of determining the procedures and principles to be applied by Miss Dalida regarding the deletion, destruction or anonymization of personal data in accordance with the Personal Data Protection Law No. 6698 and other legislation.
In this context, the personal data of our employees, employee candidates, customers and all real persons whose personal data Miss Dalida holds for any reason are managed in accordance with the laws, within the framework of the Personal Data Processing and Protection Policy and this Personal Data Retention and Disposal Policy.
1.2. DEFINITIONS
Direct identifiers:
Identifiers that, by themselves, directly reveal, disclose and distinguish the person they relate to,
Indirect identifiers:
Identifiers that, when combined with other identifiers, reveal, disclose and distinguish the person they relate to,
Related person:
The real person whose personal data is processed,
Destruction:
Deletion, destruction or anonymization of personal data,
Law:
Law on Protection of Personal Data No. 6698 published in the Official Gazette dated 07.04.2016 and numbered 29677,
Regulation:
Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224
Board:
Personal Data Protection Board
Recording medium:
Any environment where personal data is processed wholly or partially automatically or non-automatically provided that it is a part of any data recording system,
Processing of Personal Data and Privacy Policy:
The policy, which can be accessed at https://shop.missdalida.com/ and www.missdalida.com, determining the procedures and principles regarding the management of personal data held by Miss Dalida,
Data recording system:
The recording system in which personal data is structured and processed according to certain criteria.
SECTION: ENVIRONMENTS AND SAFETY PRECAUTIONS
2.1. ENVIRONMENTS WHERE PERSONAL DATA IS STORED
Personal data stored with Miss Dalida are kept in a recording environment in accordance with the nature of the data and our legal obligations.
The recording media used for the storage of personal data are generally listed below. However, some data may be kept in a different environment than the ones shown here, due to their special qualities or our legal obligations. Miss Dalida acts as a data controller and processes and protects personal data in accordance with the Law, Personal Data Processing and Protection Policy and this Personal Data Retention and Disposal Policy.
a) Printed media:
They are media where data is kept by printing on paper or microfilms.
b) Local digital environments:
They are the servers within Miss Dalida and other digital media such as fixed or portable disks and optical disks.
2.2. SECURING ENVIRONMENTS
Miss Dalida takes all necessary technical and administrative measures, in accordance with the characteristics of the relevant personal data and the environment in which it is kept, in order to keep the personal data safe and to prevent its unlawful processing and access.
These measures include, but are not limited to, the following administrative and technical measures to the extent that they comply with the nature of the personal data and the environment in which it is kept.
2.2.1. Technical Measures
Miss Dalida takes the following technical measures in accordance with the characteristics of all environments where personal data is stored and the environment where the data is kept:
Only up-to-date and secure systems suitable for technological developments are used in environments where personal data is kept.
Security systems and firewalls are used for environments where personal data is kept.
Security tests and research are carried out to detect security vulnerabilities on information systems, and the existing or potential risky issues identified as a result of the tests and research are eliminated.
Access to the environments where personal data is kept is restricted; only authorized persons are allowed to access this data, limited to the purpose of storing personal data, and all accesses are recorded.
Miss Dalida has sufficient technical personnel to ensure the security of the environments where personal data is kept and purchases services from consultancy firms for information processing security.
2.2.2. Administrative Measures
Miss Dalida takes the following administrative measures in accordance with the characteristics of all environments where personal data is stored and the environment in which the data is kept:
Efforts are made to raise the awareness of all Miss Dalida employees who have access to personal data about information security, personal data and privacy.
Legal and technical consultancy services are obtained in order to follow the developments in the field of information security, privacy and protection of personal data and to take necessary actions.
In the event that personal data is transferred to third parties due to technical or legal requirements, protocols are signed with the relevant third parties in order to protect personal data, and all necessary care is taken to ensure that the relevant third parties comply with their obligations in these protocols.
2.2.3. Internal Audit
Miss Dalida conducts internal audits regarding the implementation of the provisions of the Law and the provisions of this Personal Data Retention and Disposal Policy and Personal Data Processing and Protection Policy in accordance with Article 12 of the Law.
If deficiencies or defects regarding the implementation of these provisions are detected as a result of internal audits, these deficiencies or faults are immediately corrected.
If it is understood, during the audit or otherwise, that personal data under the responsibility of Miss Dalida has been obtained by others illegally, Miss Dalida notifies the relevant person and the Board as soon as possible.
SECTION: DISPOSAL OF PERSONAL DATA
3.1. REASONS FOR STORAGE AND DISPOSAL
3.1.1. Reasons for Storage
Personal data held within Miss Dalida is stored for the purposes and reasons stated in the Law and in our Personal Data Policy (see the related policy at “www.missdalida.com and www.shop.missdalida.com”).
3.1.2. Reasons for Disposal
Personal data within the body of Miss Dalida are deleted, destroyed or anonymized ex officio in accordance with this destruction policy, upon the request of the person concerned or if the reasons listed in Articles 5 and 6 of the Law are eliminated.
The reasons listed in Articles 5 and 6 of the Law consist of the following:
It is expressly stipulated in the law.
It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid.
It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
It is mandatory for the data controller to fulfill its legal obligation.
Being made public by the person concerned.
Data processing is mandatory for the establishment, exercise or protection of a right.
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
3.2. DISPOSAL METHODS
In case the reasons requiring the processing of the data disappear, Miss Dalida deletes, destroys or anonymizes the personal data it has stored in accordance with the Law and other legislation and the Personal Data Processing and Protection Policy, either ex officio, upon the request of the person concerned, or within the periods specified in this Personal Data Retention and Destruction Policy.
The deletion, destruction and anonymization techniques most used by Miss Dalida are listed below:
3.2.1.1 Deletion Methods
Deletion Methods for Personal Data Held in Printed Media
Blackout:
Personal data in the printed media are deleted using the blackout method. Blackout is done by cutting out the personal data on the relevant document when possible and, in cases where that is not possible, by making it invisible with fixed ink in such a way that it cannot be read with technological solutions.
Secure deletion from software:
Personal data kept in the cloud or local digital environments are deleted with a digital command, irrecoverably. Data deleted in this way cannot be accessed again.
3.2.1.2 Destruction Methods
Destruction Methods for Personal Data Held in Printed Media
Physical destruction:
Documents kept in printed media are destroyed in a way that they cannot be reassembled with document shredders.
Destruction Methods for Personal Data Held in Local Digital Environment
Physical destruction:
It is the process of physically destroying optical and magnetic media containing personal data. Data is rendered inaccessible by processes such as melting, incinerating or pulverizing the optical or magnetic media, or passing them through a metal grinder.
De-magnetizing (degauss):
It is the process of corrupting the data on magnetic media so that it becomes unreadable, by exposing the media to a high magnetic field.
Overwrite:
Random data consisting of 0s and 1s is written at least seven times on magnetic media and rewritable optical media, preventing reading and recovery of old data.
3.2.1.3. Anonymization Methods
Anonymization is making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching it with other data.
Extracting variables:
It is the removal of one or more of the direct identifiers included in the personal data of the data subject and which will help to identify the person concerned in any way.
This method can be used to anonymize personal data, or it can also be used for deletion of personal data if there is information that is not suitable for the purpose of data processing.
This personal data can be used to become anonymous, or it can be used in the process of not doing this as a set of personal data that is not collected in accordance with the data purpose.
Territorial protection:
When personal data is found in aggregate, it can be distinguished from the data contained in the data table.
Generalization:
It is intended to gather the personal data of the person and reach the statistical data obtained with the distinctive information.
Child and parent relations / Global coding:
Ranges of categories that can be determined in a certain way are determined. If the variable does not contain a value, how to zoom in this way is categorized.
Values within the same category are combined.
Micro join:
With this, all the records in the datasets are basically arranged in a meaningful order, along which the whole cluster is divided into many clusters. Information about the value of the value after a subset of the user community, which is more exclusive of its subset. In this way, it is made difficult for those who pass through it and those who are on the path of the data.
Data hashing and tampering:
Personal data is passed or reviewed.
Miss Dalida intends to anonymize personal data with one or more of these anonymization methods, depending on the scope of the relevant data. Miss Dalida can use this anonymization method formatting Anonymity, Diversity, Starith hero.
3.3. STORAGE AND DISPOSAL TIMES
3.3.1. Storage Times
Worker
Recruitment documents and the personnel data that are the basis for notifications to the Social Security Institution regarding the length of service and wages are retained during the continuation of the service contract and for a period of 5 (five) years from the end of the service contract.
Worker
Personnel data other than the recruitment documents and the personnel data that are the basis for notifications to the Social Security Institution regarding the length of service and wages
It is retained for 5 (five) years from the beginning of the calendar year following the end of the service contract.
Worker
Data in the Workplace Personal Health File
It is retained during the continuation of the service contract and for a period of 5 (five) years from its end.
Business Partner/Solution Partner/Consultant
Identity information, contact information, financial information about the execution of the commercial relationship between the Business Partner/Solution Partner/Consultant and Miss Dalida, voice recordings from phone calls, and Business Partner/Solution Partner/Consultant employee data are kept for 10 years, in accordance with Turkish Code of Obligations art.146 and Turkish Commercial Code art.82, during and after the Business Partner/Solution Partner/Consultant's business/commercial relationship with Miss Dalida.
Visitor
Visitor's name, surname, and camera records taken at the entrance to the physical space belonging to Miss Dalida are kept for 2 years.
Website Visitor
The name, surname, e-mail address, navigational information of the Website Visitor are stored for 2 years.
Employee Candidate
Information in the CV and job application form of the Employee Candidate
It is kept until the CV loses its currency, for a maximum of 1 year.
Intern (student)
Information in the internship file of the intern
It is retained for a period of 5 (five) years from the beginning of the calendar year following the end of the internship relationship.
Customer
Customer's name, surname, T.C.K.N., contact information, payment information and methods, navigational information, product/service preferences, transaction history and special day information are stored for a year.
Customer
Camera images are stored for 1 month.
Institutions/Companies that Miss Dalida Collaborates with (Supplier, Manufacturer, Dealer/Franchise)
Identity information, contact information, financial information regarding the execution of the commercial relationship between Miss Dalida's Collaborating Institutions/Firms and Miss Dalida, and employee data of Miss Dalida's Collaborating Institutions/Companies are kept for 10 years, in accordance with Turkish Code of Obligations art.146 and Turkish Commercial Code art.82, during and after the business/commercial relationship with Miss Dalida.
* If a longer period is prescribed in accordance with the legislation, or if a longer period is foreseen in the legislation for the statute of limitations, foreclosure period, retention periods, etc., the periods in the provisions of the legislation are considered as the maximum storage period.
3.3.2. Disposal Times
Miss Dalida deletes, destroys or anonymizes personal data in the first periodic destruction process following the date on which the obligation to delete, destroy or anonymize the personal data for which it is responsible arises in accordance with the Law, relevant legislation, Personal Data Processing and Protection Policy and this Personal Data Retention and Disposal Policy.
When the person concerned requests the deletion or destruction of his/her personal data by applying to Miss Dalida pursuant to Article 13 of the Law;
If all the conditions for processing personal data have disappeared; Miss Dalida deletes, destroys or anonymizes the personal data subject to the request with the appropriate destruction method, explaining the reason within 30 (thirty) days from the day of receipt of the request. In order for Miss Dalida to be deemed to have received the request, the person concerned must have made the request in accordance with the Personal Data Processing and Protection Policy. In any case, Miss Dalida informs the person concerned about the transaction.
If all the conditions for processing personal data have not disappeared, this request may be rejected by Miss Dalida by explaining the reason in accordance with the third paragraph of Article 13 of the Law, and the refusal will be notified to the relevant person in writing or electronically within thirty days at the latest.
3.4. PERIODIC DISPOSAL
In the event that all the conditions for the processing of personal data in the law are eliminated; Miss Dalida deletes, destroys or anonymizes the personal data whose processing conditions have been eliminated, through a process to be carried out ex officio at repetitive intervals and specified in this Personal Data Retention and Disposal Policy.
Periodic destruction processes start for the first time on 01.10.2020 and repeat every 6 (six) months.
3.5. AUDIT OF LEGAL COMPLIANCE OF DISPOSAL
Miss Dalida carries out the destruction processes, which it performs ex officio, on request and in periodic destruction processes, in accordance with the Law, other legislation, the Policy on the Processing and Protection of Personal Data and this Personal Data Retention and Destruction Policy.
Miss Dalida takes a number of administrative and technical measures to ensure that the destruction processes are carried out in accordance with these regulations.
3.5.1. Technical Measures
Miss Dalida has technical tools and equipment suitable for each disposal method in this policy.
Miss Dalida ensures the safety of the place where the destruction operations are carried out.
Miss Dalida maintains access records of the people who do the destruction.
Miss Dalida employs competent and experienced personnel to carry out the destruction process or receives service from competent third parties when necessary.
3.5.2. Administrative Measures
Miss Dalida works to raise the awareness of its employees about information security, personal data and privacy.
Miss Dalida receives legal and technical consultancy services to follow the developments in the field of information security, privacy, protection of personal data and safe destruction techniques and to take necessary actions.
In cases where Miss Dalida has the destruction process done by third parties due to technical or legal requirements, it signs protocols with the relevant third parties for the protection of personal data, and takes all necessary care to ensure that the relevant third parties comply with their obligations in these protocols.
Miss Dalida regularly checks whether the destruction processes are carried out in accordance with the law and the terms and obligations set forth in this Personal Data Retention and Disposal Policy, and takes the necessary actions.
Miss Dalida records all transactions regarding the deletion, destruction and anonymization of personal data and keeps these records for at least three years, excluding other legal obligations.