POLICY ON THE PROTECTION, PROCESSING, STORAGE, AND DESTRUCTION OF PERSONAL DATA
TABLE OF CONTENTS
1.DEFINITIONS
2.PURPOSE OF PREPARATING POLICY ON STORAGE AND DESTRUCTION OF PERSONAL DATA
3.SCOPE AND AMENDMENT OF POLICY
4.CONDITIONS FOR PROCESSING PERSONAL DATA
5.PROCESSING OF PERSONAL DATA WITH PRIVATE QUALITY
6.GENERAL PRINCIPLES FOR PROCESSING OF PERSONAL DATA
7.CATEGORIZATION OF PERSONAL DATA AND DATA OWNERS
8.METHODS OF COLLECTIONG PERSONAL DATA
9.PURPOSES FOR PROCESSING PERSONAL DATA
10.PERSONAL DATA RECORDING ENVIRONMENTS
11.TRANSFER OF PERSONAL DATA
11.1 Transfer of personal data within domestic country
11.2 Transfer of personal data abroad
11.3 Third parties to whom personal data can be transferred.
12.CONFIDENTIALITY AND SAFETY OF PERSONAL DATA
12.1 Reasons requiring storage and destruction of personal data.
12.1.1 Legal, technical and other reasons requiring storage of personal data.
12.1.2 Legal, technical and other reasons requiring destruction of personal data.
12.2 Measures taken to ensure safe storage of personal data and avoiding their being processed and accessed illegally.
12.2.1 Technical measures
12.2.2 Administrative measures
12.3 Measures taken to ensure legal destruction of personal data.
12.3.1 Technical measures
12.3.2 Administrative measures
12.4 Personal data protection committee
12.5 Products and services owned by third party institutions.
12.6 Tasks and responsibilities of company departments
13.DESTRUCTION OF PERSONAL DATA
13.1 Erasure of personal data
13.2 Destruction of personal data
13.3 Anonymizing personal data
14.STORAGE AND DESTRUCTION PERIODS OF PERSONAL DATA
15.PERIODICAL DESTRUCTION PERIODS OF EMC Medya Yayıncılık Ticaret Ltd. Sti
16.RIGHTS OF DATA OWNER AND PRINCIPLES FOR USING THESE RIGHTS
16.1 Rights of data owner
16.2 Situations where law won’t be applied and data owner cannot use his rights
16.3 Rules for data owner to use his rights.
16.4 Answering to the application of data owner.
16.5 Right of data owner to make complaint to council.
ANNEX-1 APPLICATION FORM
1.DEFINITIONS
Explicit consent: It is the consent relating to a specific subject, based on notification and given by free will.
Anonymizing: Making personal data processed so that even if they are matched with other data, they cannot be correlated with a specific identity.
Application form: It is the form that is prepared by EMC Medya, being published on web site and given in Annex-1 of this policy, regarding usage of rights stipulated in 11th article of law about protection of personal data and which can be referred to by EMC Medya Yayıncılık Ticaret Ltd. Sti.
Audit company: They are the people authorized by Public Supervision, Accounting and Audit Standards Institution among sworn financial consultancy or independent accountant financial consultant license owning occupational members, to conduct independent audit regarding conformity and correctness of financial reporting with regards to standards, to obtain appropriate independent audit evidences to provide reasonable assurance, by applying independent audit technics, by making audit through ledgers, records and documents and issuing a report by evaluating them.
Relevant user: It defines the person who is processed his/her personal data, apart from people or divisions being responsible for technical storage, protection and back-up of personal data, within organization of EMC Medya Yayıncılık Ticaret Ltd. Sti. or those processing personal data as per authorization and instruction given by EMC Medya Yayıncılık Ticaret Ltd. Sti.
Law: It is law about the protection of personal data numbered 6698.
Personal data: It defines all kinds of information relating with a real person whose identity is defined or can be defined, including his name, last name, address, T.R.ID no, phone number, e-mail but not being limited with these,
Council: It defines personal data protection council.
Institution: It defines personal data protection institution.
Destruction of personal data: It is erasure of personal data, their destruction or being anonymized.
Processing of personal data: It defines all kinds of processes realized on personal data, such as their being obtained automatically on condition that personal data are part of a data recording system being completely or partially automatic, their being recorded, stored, maintained, changed, rearranged, disclosed, transferred, taken over, attained, classified or avoided to be used.
EMC Medya: It defines EMC Medya Yayıncılık Ticaret Ltd. Sti.
Personal data with private quality: Data of people relating with their race, ethnical root, political opinion, philosophical belief, religion, other belief forms, clothing, membership at associations, foundations and unions, health, sexual life, criminal obligations, security measures and biometrical and genetic data are defined as personal data with private quality.
Policy: It defines policy of EMC Medya relating with protection, processing, storage and destruction of personal data.
Erasure: It is the process of making personal data become not accessible or reused by relevant users.
Applications: They are applications developed by EMC Medya, being downloaded from Google Play Store or AppStore and used on other devices enabled by mobile phones, tablets or other devices.
Data processor: It is a real or legal person processing personal data on behalf of data responsible as per authorization given by him.
Data Recording System: It is a recording system where personal data is structured as per certain criteria and processed.
Data owner: It is a real or legal person defining processing purposes and tools for personal data and being responsible for the establishment and management of data recording systems.
Web site: It is used to define one, a few or all of web sites belonging to EMC Medya, and mainly to www.longevilab.com owned by EMC Medya Yayıncılık Ticaret Ltd. Şti.
Destruction: It is the process of ensuring that personal data cannot be accessed, attained or reused by someone.
2.PURPOSE OF PREPARING PERSONAL DATA STORAGE AND DESTRUCTION POLICY
Purpose of preparing this policy is to notify real people whose data are processed by EMC Medya acting with capacity of data responsible, about collection, processing, storage, destruction processes of personal data, related forms and purposes and their rights in accordance with the law and methods for their usage of their rights.
3.SCOPE AND AMENDMENT OF POLICY
This policy contains information about law and legislation relating with personal data and it becomes effective on the date it is published on web site named www.longevilab.com/kvkk Policy can sometimes be updated as per legal changes, changes taking place during processing of personal data by EMC Medya or as per relevant reasons. Updates become valid on the date of the new policy is published on the web site.
4.CONDITIONS FOR PROCESSING PERSONAL DATA
Processing of personal data defines all kinds of transactions realized such as their being obtained by non-automatic ways on condition that personal data are part of a recording system being completely or partially automatic, their being recorded, stored, maintained, changed, rearranged, disclosed, transferred, taken over, made attainable, classified or avoided to be used.
Personal data cannot be processed without getting explicit consent of the data owner as per 5th article of law. But as per regulation of same article, if any of below conditions occur, it is possible to process personal data without getting explicit consent of data owner.
*It’s explicitly foreseen in law: For example, submission of information about salaries of workers as per request of tax office.
*It’s required to protect the life or body integrity of relevant person or someone else, in relation to those who cannot declare their consent due to actual impossibility or to whose consent no legal validity is provided.
*On condition that it is directly related to the establishment or execution of a contract, it’s being required to process personal data belonging to contract parties. For example, due to a contract being executed, its being required to have bank and account details of payee to pay the money; sharing information about buyer such as his name-last name and address with cargo company to deliver the product subject to a distant sales contract.
*It’s being required for data responsible to fulfill his legal obligation: For example, in order to pay his salary to a worker, its being necessary to have his bank and account details, questioning whether he is married or not, if there is anyone he must look after, whether his spouse works or not, to have his social security information. *Their being made known by relevant person himself (data owner)
*It’s required to process data to establish, use or protect a right: For example, usage of certain data during a case opened by worker to provide evidence.
*On condition not to harm fundamental rights and freedoms of relevant person (data owner), its being required to process data for legitimate interests of data responsible: For example, on condition not to harm fundamental rights and freedoms of workers, processing of their personal data for arrangement of their promotions, salary increases, or social rights or for task and role distribution during restructuring process of enterprise.
5.PROCESSING OF PERSONAL DATA WITH PRIVATE QUALITY
Data relating with people’s race, ethnical root, political opinion, philosophical belief, religion, other beliefs, clothing, membership in associations, foundations and unions, sexual life, criminal obligations and security measures and their biometrical and genetic data are personal data with private quality.
As per the 6th article of law, it is forbidden to process personal data with private quality without getting explicit consent of relevant person. But data apart from above stated personal data relating to health and sexual life can be processes in situations stipulated in law without requiring explicit consent of data owner.
Personal data relating with health and sexual life can only be processed for purposes of protection of public health, protective medicine, medical diagnosis, execution of treatment and care services, planning of financing relating with health services and management, by people or authorized institutions under liability to keep secrets, without requiring explicit consent of relevant person.
6.GENERAL RULES RELATING WITH PROCESSING OF PERSONAL DATA
As per the 4th article of law, personal data can only be processed in accordance with rules and principles stipulated in law or other laws. Conformity with certain rules during processing of personal data has been made obligatory as per the same article.
In this context, EMC Medya processes your personal data as per below principles:
*Conformity with law and rules of honesty: EMC Medya does not collect or process personal data without notifying the Data owner. It processes personal data as per law and relevant legislation.
*To be correct and updated if required: EMC Medya shows utmost efforts to ensure personal data are correct and updated. In this context, to ensure correctness and updating of data, it keeps required channels open. As per application of data owner or if it is determined, it ensures correction of data.
*Processing for certain, open and legitimate purposes: Purposes of EMC Medya to process personal data have been clearly specified as per clarification obligation. EMC Medya processes personal data in accordance with law, in relation to work it conducts and/or services it provides for legitimate purposes.
*Being related, limited and reasonable in relation to processing purposes: EMC Medya processes data for specific, open and legitimate purposes. In this context, EMC Medya ensures collection of data as per this policy or as per consent received from data owner (explicit consent) and their storage for period required for the purpose. It avoids processing data not relating with purpose and/or not being needed. It keeps processing of data limited for only realization of purpose.
*Their storage as stipulated in relevant legislation or for period require for processing purpose: If there is a specific period stated in legislation for storage of personal data, EMC Medya abides with it. If such a period is not defined, personal data are only stored for the period required for processing purposes.
7.CATEGORIZATION OF PERSONAL DATA OWNERS
Real people whose personal data can be processed by EMC Medya have been explained and categorized in detail below.
Data Owner-Explanations:
Applicant: It defines real people applying to EMC Medya in written, oral or electronic form and transmitting questions, requests, proposals, complaints, applications including those relating with personal data. Other data owners in this categorization can also be applicants.
Employee: It defines people working under payroll of EMC Medya, regardless of having an employment contract or not, and students/graduates having apprenticeship at EMC Medya (obligatory/ voluntarily)
Real person client: It defines real people or private companies providing commodities or services required for provision of products and/or services by EMC Medya.
Real private companies providing services: It defines real people and private companies providing services to EMC Medya regardless of having a contract or not. Sub-contractors are also evaluated in this context.
Relevant officers of company collaborated with: They define shareholders/partners, officers and employees of real or legal people with whom EMC Medya collaborates.
Participant: It defines real people participating in activities such as events, contests, training programs organized by EMC Medya.
Customer officers: They define shareholders/partners, officers, employees, dealers and agencies, dealer workers of real or legal person clients of EMC Medya.
Shareholders: They define real or legal people having one or more shares of EMC Medya Yayıncılık Ticaret Ltd. Sti.
Potential worker: It defines people sending their curriculum vitae to EMC Medya to be employed within body of EMC Medya or to have apprenticeship (obligatory/voluntary). Company officer: It defines people in senior management of EMC Medya and/or those authorized to represent EMC Medya. Board members are considered in this scope.
Supplier officers: They define shareholders/partners, officers and employees of real or legal person suppliers of EMC Medya.
Application user: It defines real people downloading applications developed and provided by EMC Medya to their mobile transmission system device or using them.
Reseller officers: They define shareholders/partners, officers and employees of real or legal person resellers relating with EMC Medya.
Visitor: It defines real people physically coming to workplace of EMC Medya for providing a product or service or obtaining them or not and people recording their data at web site regardless of whether they are members or not, those providing data through web site or real people visitors collecting data in accordance with usage terms of web site. Other data owners in this categorization are also defined as web site visitors.
8.METHODS OF COLLECTING PERSONAL DATA
Personal data are collected and processed by EMC Medya as per this policy, law and relevant legislation, by written, verbal, electronic means, visual/sound recording or physically by coming face to face with data owner.
Data collection process is realized:
- i) through digital environments belonging to third parties including web site, applications, e-mail, employment portals or through a software,
- ii) through contracts, applications, forms, call center, remote support, sales and marketing division, cookies at web site, business card, telephone or
iii)through face-to-face conversations with data owner.
9.PURPOSES FOR PROCESSING PERSONAL DATA
EMC Medya processes personal data for specific, clear and legitimate purposes. In this context, personal data are processed as per below purposes:
*Negotiation, conclusion and execution of contracts *Provision of products and services
*Privatization of product and services being provided in conformity with request; their updating and development as per legal and technical development reasons *Making user descriptions in systems with regards to products and services being provided
*Announcing new or current products, services and campaigns, executing sales and marketing activities
*Making market research
*Keeping statistics an analyzing usage
*Paying for product, service amounts, collecting them, selecting collection method *Having contact/communication
*Carrying out commercial relations with firms, suppliers, resellers, service providing companies in collaboration
*Issuing reports within frame of cooperation
*Evaluation of agency and business partner application process *Developing commercial strategies of company and making plans
*Having contact in relation to satisfaction measurement surveys by EMC Medya *Having discounts from web sites and institutions agreed with for shopping made *Creating participant records in events/trainings organized by EMC Medya, issuing certificates/certificates of participation, determining owners of awards/gifts, delivery of awards/gifts
*Management of legal/administrative processes, answering to requests coming from public institutions, fulfilling legal obligations regarding legal regulations, resolving legal disputes
*Carrying out investor relations
*If company mergers with another company, is transferred completely or partially, to attain outcomes of such legal processes
*Introduction of EMC Medya workers, real person resellers/clients, officers of real person resellers/clients in social media sharing
*Execution of business conversations, evaluation of business applications
*Establishment, execution and finalization of business relationship/contract
*Making workers of EMC Medya benefit from real and side-benefits arising from employment contracts, evaluation of their performance and works
*Opening user account for workers, giving them company identity cards and meal cards
*Making transport organization of company workers, follow-up of company pool vehicles
*If there is a participation in an organization in company’s name, creating participant records
*Issuing training participation and certificate records of workers *Creating and monitoring visitor records
*Ensuring security of web site and applications for internal and environmental security of company
*Usage analysis of web site
*Creating personal data inventory
*Evaluation of all kinds of questions, requests, proposals, complaints, applications sent in written, verbal or electronic means, including those relating with personal data
10.PERSONAL DATA REGISTRY ENVIRONMENTS
Personal data collected by EMC Medya can be stored in various environments depending on quality of data, processing purposes, and usage frequency. In this context, personal data can be stored by EMC Medya as follows: *non-electronic environments: Paper, manual data systems (such as reservation forms), written, printed, visual environments.
*Electronic environments: Software, cloud, central server, portable media, database and similar environments and network device, flash-based environments, magnetic band, magnetic disc, mobile phone, optical disc, printer, port passage/security system and environmental systems.
11.TRANSFER OF PERSONAL DATA
Within the frame of national and international legislative provisions and mainly KVKK, EMC Medya can transfer personal data it processes within domestic country or abroad. It can make them subject to transfer operations. During these processes, 8th and 9th articles of KVKK law and directive numbered 95/46/EC and provisions of GPPR making this directive become ineffective are considered. Regarding transfer of personal data within domestic country and abroad, EMC Medya has fulfilled conditions stipulated with above mentioned law articles and directives.
11.1 Transfer of personal data within domestic country
As per 8th article of law, personal data cannot be transferred to third parties without getting explicit consent of the data owner.
But if one of the situations stated in 4th article of policy not requiring explicit consent of data owner is present, it is possible for personal data to be transferred to third parties within domestic country without getting explicit consent of data owner.
11.2 Transfer of personal data abroad
As per the 9th article of law personal data cannot be transferred abroad without getting explicit consent of the data owner.
But if one of below conditions is present, it is possible for personal data to be transferred to third parties within domestic country without getting explicit consent of data owner:
*Presence of a situation stated in 4th or 5th article of this policy, where consent of data owner is not required
*Availability of adequate protection in the foreign country where personal data will be transferred
*If adequate protection is not available, in case data responsible in Turkey and in relevant foreign country undertake adequate protection in written form and if council gives permission countries where there is adequate protection are determined and announced by the council.
On condition that provisions of international contracts are preserved, personal data can only be transferred abroad by getting opinion of relevant public institution or association and with permit of council in cases where interest of Turkey or data owner can be seriously harmed.
11.3 Third parties to whom personal data can be transferred.
On condition that provisions of international contracts are preserved, personal data can only be transferred abroad by getting opinion of relevant public institution or association and with permit of council in cases where interest of Turkey or data owner can be seriously harmed.
11.3 Third parties to whom personal data can be transferred.
In order to fulfill purposes stated in the 9th article of this policy, personal data of EMC Medya can be transferred to below stated third parties that can be real a legal people within domestic country or abroad in accordance with 8th and 9th articles of law:
-Consultants
-Audit firms
-Service providing companies
-Companies collaborated with
-Customers
-Shareholders
-Suppliers
-Banks and financial institutions
-Judicial authorities and public authorities
-Resellers
-Central registry institution, public clarification platform
12.CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
EMC Medya gives importance to confidentiality and security of personal data and it takes legal, technical and administrative measures as stipulated in law and relevant legislation to protect personal data.
12.1 Reasons requiring storage and destruction of personal data.
12.1.1 Legal, technical and other reasons requiring storage of personal data.
If main collection reason of personal data or if secondary processing ground stated in this policy is eliminated, they will be stored by EMC Medya as stated below:
-To fulfill legal obligations of EMC Medya that have arisen or will arise and as per the measures specified in law and/or as per ordered periods,
-Data foreseen to be erased and/or made anonymized will be stored for business continuity, avoidance of data loss and data protection, in back-up/archive and similar environments in a situation not being ready to be accessed
-Data that will be destroyed by being erased, eliminated or being anonymized will be stored until the next periodical date of destruction at the latest.
12.1.2 Legal, technical and other reasons necessitating destruction of personal data -Elimination of all purposes requiring processing of personal data and reasons requiring them to be stored.
-Withdrawal of consent given by relevant person in cases where it is required to get explicit consent for processing of personal data
-Data owner’s requesting for personal data to be destroyed by using his rights stated in 11th article of law and 16th article of this policy and acceptance of application being made by EMC Medya or approval of request by council after complaint being made to council following rejection of this request
-Although maximum time required for storage of personal data has passed, presence of a condition justifying storage of personal data for a longer period.
12.2 Measures taken to ensure secure storage of personal data and avoidance of their being processed and accessed illegally.
12.2.1 Technical measures
-Authorizations to access personal data are limited and access records are kept.
-Data recording environments and mainly virus protection programs are protected with various software/hardware and passwords to avoid any illegal intervention to personal data both from within company and from outside.
-Necessary inspections are made or caused to be made, with the aim of ensuring that personal data are processed as per rules and principles stipulated in law.
-Data recording environments under possession of EMC Medya are made subject to security tests at regular intervals by specialized institutions and if a security bug is detected, said bug is eliminated.
-Accesses to storage areas where personal data are kept are recorded and improper accesses or access attempts are controlled.
-By following security bugs, appropriate security patches are loaded, and information systems are kept as updated.
-In electronic environments where personal data are processed, strong passwords are used.
-In electronic environments where personal data are processed, safe record keeping (logging) systems are used.
-Data back-up programs ensuring secure storage of personal data are used.
-Access to personal data stored in electronic or non-electronic environments, are limited as per access principles.
-A separate policy has been determined in relation to security of personal data bearing private quality. Among these data those in digital environment are kept locked in human resources applications providing service through web and having required security certificates and files that are not digital are locked in personal files and they can only be accessed by employees working at human resources department.
-Trainings have been given to employees working on processing of personal data
bearing private quality with regards to security of personal data bearing private quality and confidentiality agreements have been concluded and authorizations of users having authorization to access data have been defined.
-Electronic environments where personal data bearing private quality are processed, kept and/or accessed are maintained by using cryptographic methods and cryptographic keys are kept in a secure environment. All process records are logged, and security updates of environments are continuously monitored and necessary security tests are conducted/caused to be conducted regularly and test results are kept recorded.
-Adequate security measures are taken for physical environments where personal data bearing private quality are processed, kept and/or accessed and by ensuring physical security, unauthorized entries and exits are avoided.
12.2.2 Administrative measures
-Personal data protection Committee has been established and made functional.
-Employees are made subject to training to ensure the security of data and their being processed legally in the light of laws and other legislation and developments relating with them and notifications are made.
-Data being processed are differentiated on division basis and awareness and process activity are ensured as being specific to business unit.
-Inspections are made regularly within the company.
-For contracts to be concluded with employees and third parties, besides provisions ensuring protection of confidentiality of data, processing purposes, scope and period relating with personal data are determined and responsibilities of parties are clearly regulated and provisions are added to create sanctions for processing activities violating the provisions.
Discipline procedure has been prepared to be applied to employees not complying with security policy and procedures.
-Before starting personal data processing, the company fulfills its obligation to clarify relevant people.
Personal data processing inventory has been prepared.
Periodical and random inspections are made in the company.
Information security trainings are given to employees.
12.3 Measures taken to destroy personal data in a legal way
12.3.1 Technical measures
-Destruction process is realized by technical personnel informed about the subject or under their supervision.
The company takes necessary measures so that erased personal data cannot be accessible or reused by relevant users.
12.3.2 Administrative measures
-Personal data protection committee has been established and made functional. -Employees are made subject to trainings in periodical and proper destruction of personal data and they are being informed.
-Regular inspections are done in the company.
-Regarding contracts to be signed with employees and third parties, provisions are added which bring sanctions in case data are not destroyed in accordance with law and relevant legislation.
Discipline procedures have been prepared for employees who do not comply with security policy and procedures.
-Before processing personal data, the company fulfills its obligation to clarify relevant people.
-Personal data processing inventory has been prepared.
-Information security trainings are given to employees.
12.4 Personal data protection committee
A “Personal data protection committee” has been established within body of EMC Medya in order to carry out personal data storage and destruction processes and to take necessary actions as per this policy. Main tasks of committee are as follows:
-To prepare policies relating with protection, storage, processing and destruction of personal data or cause them to be prepared and to execute them
-To realize audits within company to ensure conformity of personal data protection, storage, processing and destruction processes with law and policy or to cause them to be realized. To take necessary measures if any deficiency or mistake is determined in this respect.
-To ensure notification of employees to ensure processing and destruction of personal data in accordance with law and to avoid illegal accessing, to arrange trainings when required or to ensure that employees attend trainings organized by third parties
-To evaluate applications of data owners, to ensure coordination within company to answer to the applications and to ensure that the answer reaches data owner within legal period
-To monitor changes taking place in legislation relating with personal data through consultants or service providing companies, to ensure actions being taken within company to comply with new regulations
-To ensure necessary coordination and communication in situations where communication should be had with council
12.5 Products and services belonging to third party institutions.
Services provided by EMC Medya and web site and applications it has, can contain web site, products and services which EMC Medya does not own or control processing of, and which are operated by third party institutions and connections can be had with them. If you use this web site, products and services, your personal data can be transferred to third party institutions. EMC Medya does not have a guarantee or commitment that relating with this web site, products and services accessed to, content, conformity, security, confidentiality policies and communication will be continuously provided. Before realizing any transaction, security and confidentiality terms of said companies should be read.
12.6 Tasks and obligations of company departments Title-Task
Information processing consultant: To ensure conformity of processes within job definition at workplace with storage process, to ensure storage of personal data in proportion to purpose, to pay attention to all applications that may come from relevant people and to follow up and finalize them, to manage personal data destruction process as per periodical destruction process, taking technical measures relating with digital data that can be accessed through company network
Human resources manager: To ensure conformity of processes within job definition at workplace with storage process, to ensure storage of personal data in proportion to purpose, to pay attention to all applications that may come from relevant people and to follow up and finalize them, to manage personal data destruction process as per periodical destruction process, taking technical measures relating with digital data that can be accessed through company network.
- DESTRUCTION OF PERSONAL DATA
Although being processed in accordance with provisions of law and other relevant law, if all reasons requiring processing and storage are eliminated, personal data are erased, destroyed or anonymized by EMC Medya ex officio or as per request of data owner.
13.1Erasure of personal data
Erasure of personal data is processed such that personal data can no longer be accessed or reused by users.
EMC Medya can use below methods depending on environments where data are recorded, in order to erase personal data:
-Giving erasure instruction
-Darkening
-Eliminating
-Canceling access rights of user on the sequence where file is present -Erasing by means of software
-Erasing with database command
13.2 Destruction of personal data
Destruction of personal data is the process where personal data cannot be accessed, reobtained or reused by anyone in any way.
EMC Medya can use one or a few of below methods depending on environment where data are recorded in order to destroy personal data:
-Demagnetizing
-Physical destruction
-Rewriting
-Destroying with “Block Erase” command
-Destroying with paper destruction machine -Destroying all copies of ciphering keys
13.3 Anonymizing personal data
Anonymizing personal data is the process where personal data cannot be correlated with a real person whose identity is determined or can be determined, even if personal data are matched with other data.
For personal data to be anonymized, it should not be possible to correlate personal data with a real person whose identity is determined or can be determined, even with usage of appropriate techniques relating with reobtaining data from third parties or people to whom they were transferred matching data with other data.
EMC Medya may use one or a few of below methods to anonymize personal data:
-Removing variables
-Removing records
-Upper and lower limit coding
-Regional hiding
-Sampling
-Micro-combining
-Data exchange
-Noise addition
-Anonymizing
-Variation
-Closeness
14.PERSONAL DATA STORAGE AND DESTRUCTION PERIODS
EMC Medya keeps personal data for required period relating to processing purposes. If the purpose of collecting personal data or secondary processing ground stated in this policy is eliminated, personal data are continued to be stored for periods stated in article 12.1.1 of this policy.
If obligation to erase, destroy or anonymize arises as a result of ending of these periods, EMC Medya erases, destroys or anonymizes personal data during the first periodical destruction process following this date.
15.PERIODICAL DESTRUCTION PERIODS OF EMC MEDYA
The periodical destruction period of EMC Medya is ….. months. The committee can shorten this period if damage occurs that are impossible or difficult to remedy.
16.RIGHTS OF DATA OWNER AND PRINCIPLES FOR USING THESE RIGHTS
16.1 Rights of data owner
As per 11th article of law, data owner may apply to EMC Medya for below reasons:
-To learn whether his personal data are processed or not
-To request information if his personal data have been processed
-To learn purpose of processing personal data and whether they are used in accordance with purpose or not
-To know about third parties to whom personal data are transferred within domestic country or abroad
-If personal data are processed as deficient or wrong, to request for their correction and to ask for the process realized in this scope to be notified to third parties to whom personal data are transferred
-Even though they are processed as per provisions of law and other relevant legislation, if reasons requiring their processing is eliminated, to request for personal data to be erased or destroyed and to notify third party to whom personal data are transferred in this regard
-To make objection to an outcome against favor of relevant person, that comes out because of analysis of processed data by means of automatic systems
-If he incurs damages because of illegal processing of personal data, to claim for his damages to be remedied.
16.2 Cases where law will not be applied and rights of data owner will not be used as per 1st item of 28th article of law, provisions of law will not be applied in below cases:
-Processing of personal data in relation to person himself or his family members living in the same house for activities relating with them, on condition that they are not given to third parties and that it is complied with provisions relating with data security
-Processing of personal data for research, planning and statistical purposes by being anonymized with official statistics
-Processing of personal data for purposes relating with art, history, literature or science or expression of opinion, on condition not to violate national defense, national security, public security, public order, economical security, confidentiality of private life or personal rights or on condition not to constitute any crimes
-Processing of personal data within scope of preventive, protective and informative activities by public institutions and associations authorized by law for ensuring national defense, national security, public order, public security or economic security
-Processing of personal data by judicial or execution authorities in relation to investigation,
judgment or execution.
According to 2nd item of 28th article of law, data owner cannot use his rights stated in article 14.1 of
Policy apart from his right to request remedy for his damage in below situations:
-It’s being required to process personal data to avoid realization of crime or being
required for criminal investigation.
-Processing of personal data that are made known by relevant person
-It’s being required for processing of personal data for carrying out inspection or organization tasks and disciplinary investigation by institutions and associations authorized and assigned as per the law and by professional institutions bearing quality of public institutions
-It’s being required to process data to protect government’s economic and financial interests relating with budget, tax and financial issues.
16.3 Principles for data owner to use his rights.
Data owner may use his rights stated in article 16.1 of this policy, by filling in the application form given in Annex-1 with wet signing and delivering it via notary to the address of “REŞADİYE MAH. ŞEHİT MURAT DEMİR CAD. NO: 4B/1 ÇEKMEKÖY” or by personally applying to this address or delivering it through his proxy.
It is obligatory to submit documents proving identity, any documents supporting the request and warrant of attorney including relevant private authorization in case data owner wishes to use this right through his proxy, in the attachment of form.
16.4 Replying to application of data owner.
Requests delivered on a form will be answered at the soonest time and latest within thirty days free of charge depending on the quality of request. But if the process requires additional cost, fees can be charged as per tariff determined by committee.
If in the application, information is shared as deficient or wrong, if request is not stated in a clear and understandable way, if documents supporting request are not submitted, if warrant of attorney is not enclosed for applications made through a proxy, EMC Medya may experience difficulties in meeting the requests and delays can occur in investigation process. For this reason, regarding usage of rights stated in 11th article of law, it is important to pay attention to these particulars. Or else EMC Medya will not be liable for any delays that may occur.
EMC Medya reserves its legal rights against applications that are wrong, against the law/not true, and or bearing bad intentions.
16.5 Right of data owner to make complaint to committee.
If application is rejected, if the reply is not considered to be sufficient, or if no reply is given within required time, data owner has the right to make complaint to committee within thirty days after date of learning about reply of EMC Medya companies and in any case to make complaint within sixty days following application date.
ANNEX-1 APPLICATION FORM
This form has been prepared for creating easiness while you apply to EMC Medya to use your right to obtain information as per 11th article of law about protection of personal data. To get information about processing of your personal data and about the process following your application with this form, please examine Policy of EMC Medya about protection, processing, storage and destruction of personal data being published at web site of https://www.longevilab.com/kvkk. (policy)
- Contact details of applicant
The information requested with this form are necessary to determine your identity correctly, to investigate details relating with your request and to transmit outcome of your application to you (“purpose”) and they can be processed for this purpose. For this reason, please transmit your information correctly and completely. Your personal data being requested will not be used for reasons other than realization of purpose.
Your name-last name:………………….
Your T.R.ID no:…………………………
Your phone no:………………………….
Your e-mail address:………………….
Your address:……………………………..
Relationship of applicant with EMC Medya
1.Please state your relationship with EMC Medya.
For example: Employee, shareholder, company officer, customer, customer officer/employee, reseller
………………………………………………………………………………………………………………………….
…………….
2.With which department in EMC Medya you had contact with?
………………………………………………………………………………………………………………………….
…………….
- Request of applicant
Please explain your request in detail below.
………………………………………………………………………………………………………………………….
…………….
………………………………………………………………………………………………………………………….
…………….
………………………………………………………………………………………………………………………….
…………….
………………………………………………………………………………………………………………………….
…………….
………………………………………………………………………………………………………………………….
…………….
………………………………………………………………………………………………………………………….
…………….
- Method of notifying the reply to be given to the application
Reply to be given to the application can be deliver to your above written e-mail address by mail to your address via registered mail with return receipt or through notary.
- Annexes
-It is required for documents supporting your request, if any, to be added to the form.
-If you apply individually, enclose a copy/photocopy of documents proving your identity card, driving license, passport etc.) to the form.
-If application is made through proxy, it is required for copy of warrant of attorney including private authorization to be submitted to EMC Medya as attached to the form.
I request for my application which I have made to EMC Medya in line with requests I have stated above to be evaluated as per 13th article of law and for information to be given to myself.
Information about applicant (Personal data owner/proxy)
Name-last name:……………………………….
Application date:……………………………….
Signature:…………………………………………