Personal Data Disposal Policy

1. Principles Regarding the Deletion, Destruction or Anonymization of Personal Data

In order to set forth the procedure for the purpose of collecting and processing personal data of the data subjects (data owners), whose personal data are processed by obtaining their explicit consent, or upon their own request, what will be the fate of this data, under which procedures and principles it will be deleted, destroyed or anonymized. This policy has been established. The transactions will be carried out in accordance with the procedures and principles specified in the “Regulation on the Deletion, Destruction or Anonymization of Personal Data”.

All transactions regarding the deletion, destruction or anonymization of personal data are recorded and these records will be kept for at least three years, excluding other legal obligations.

2. Reasons Requiring Storage and Disposal of Personal Data

Your personal data; management of human resources processes, having the explicit consent of data subjects, being directly related to the establishment and performance of contracts, necessary for the legitimate interests of the data controller, ensuring the fulfillment of the purposes of establishing business partnerships with various projects, fulfillment of commercial activities, company law, event management are stored by us as specified in the relevant legislation and Policies for the management of corporate communication processes, the design and control of strategies regarding commercial activities, the provision of security and the fulfillment of obligations to legally authorized public institutions and organizations. are destroyed or destroyed as a result of the request of the person concerned or the decision of the Board.

3. Definitions

The equivalents of the technical terms included in the policy are shown below.
Recipient Group: It is the natural or legal person category to which personal data is transferred by the data controller.
Relevant User: Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for technical storage, protection and backup of the data.
Destruction: It is the deletion, destruction or anonymization of personal data.
Law: The Law on Protection of Personal Data dated 24/3/2016 and numbered 6698.
Recording Environment: It is any environment where personal data is processed wholly or partially automatically or non-automatically provided that it is a part of any data recording system.
Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on their business processes; It is an inventory that they create by associating personal data with the purposes of processing, data category, transferred recipient group and data subject group, and detailing the maximum time required for the purposes for which personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security.
Board: It is the Personal Data Protection Board.
Periodic Destruction: It is the process of deletion, destruction or anonymization that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the processing conditions of personal data in the law are eliminated.
Registry: It is the registry of data controllers kept by the Presidency of the Personal Data Protection Authority.
Data Registration System: It is the registration system in which personal data is processed and structured according to certain criteria.
Data Controller: (Ulusal Elektronik Teknolojileri San. ve Tic. A.Ş.) is the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Anonymization: It is the rendering of personal data that cannot be associated with an identified or identifiable natural person in any way, even by matching with other data.
Deletion: It is the process of making personal data inaccessible and non-reusable for the relevant users.
Destruction: It is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Direct Identifiers: They are identifiers that, by themselves, directly reveal, disclose and distinguish the person with whom they are in a relationship.
Indirect Identifiers: They are identifiers that come together with other identifiers and reveal, reveal and distinguish the person with whom they are in a relationship.
Destruction: Deletion, destruction or anonymization of personal data.
Blackening: It is the process of scratching, painting and icing all of the personal data in such a way that it cannot be associated with an identified or identifiable natural person.
Masking: It is the process of deleting certain areas of personal data in a way that cannot be associated with an identified or identifiable natural person, scratching, painting and starring.

4. Mediums in which Personal Data are Recorded

Personal data of data owners are stored securely in the following environments in accordance with PDPL and relevant legislation.
Electronic Media: Backup tape, mailer
Physical Environments: Lockers, archive

5. Persons Managing and Working in the Process of Storage and Disposal of Personal Data

The titles, units and job descriptions of the authorized and responsible persons involved in the storage and destruction of personal data are given below. In the process of keeping Job Application Form and CVs -> Human Resources –> Human resources manager In the process of keeping personal files –> Human Resources –> Human resources manager In the process of keeping the data collected within the scope of occupational health and safety legislation (health reports, etc.) –> Occupational Health and Safety Specialist and Occupational Physician Storing data on work accident/occupational disease -> Workplace Physician and Human Resources Manager In the process of storing current account cards and invoices -> Finance -> Finance Department Officer

6. Technical and Administrative Measures Taken to Protect Personal Data and to Prevent Unlawful Processing and Access

Technical Measures Taken to Ensure the Lawful Storage of Your Personal Data and the Prevention of Unlawful Processing and Access
Personal data storage, processing and access activities are controlled by established technical systems.
Software and hardware including virus protection systems and firewalls are used.
The technical measures taken are reported to the person concerned.
Staff knowledgeable in technical matters are employed
Access authorizations are limited and authorizations are reviewed regularly.
In order to ensure that personal data is kept securely, backup programs are used in accordance with the law.
Accesses to data storage areas where personal data are stored are logged, and inappropriate accesses or access attempts are instantly communicated to the relevant parties.
Administrative Precautions Taken to Ensure the Lawful Storage of Personal Data and the Prevention of Unlawful Processing and Access
Employees are informed and trained about the law of protection of personal data and the storage and processing of personal data in accordance with the law.
Personnel who will process, store and access personal data are determined in the Personal Data Processing inventory.
All the activities carried out are analyzed in detail for all departments, and as a result of this analysis, personal data processing activities are revealed in the commercial and administrative activities carried out by the relevant business units.
In order to meet the legal compliance requirements determined on the basis of departments, awareness is created specific to the relevant departments and rules of practice are determined; Necessary administrative measures are implemented through in-house policies and trainings to ensure the control of these issues and the continuity of implementation
Employees are informed that the personal data they have learned cannot be disclosed to others in violation of the provisions of the Law on Protection of Personal Data No. 6698 and cannot be used for purposes other than processing, and that this obligation will continue even after they leave their job, and necessary commitments are taken from them in this direction.
Ulusal Elektronik Teknolojileri San. ve Tic. A.Ş.’s instructions and exceptions brought by the law, records are set that impose an obligation not to process, disclose or use personal data, and awareness of employees is created in this regard.

Technical and Administrative Measures Taken for the Legal Disposal of Personal Data

Secure Deletion from Software: While deleting data processed by fully or partially automated means and stored in digital media; Methods for deleting the data from the relevant software are used so that it cannot be accessed and reused in any way for the relevant users.
Deletion of Related Data in the Cloud System by Giving the Delete Command: Removing the access rights of the relevant user on the file or the directory where the file is located on the central server; Deleting the relevant rows in databases with database commands or deleting the data in portable media, ie flash media, by using appropriate software can be counted within this scope.
However, if the deletion of personal data will result in the inaccessibility of other data within the system and the inability to use this data, the personal data will be deemed deleted if the personal data is archived in a way that it cannot be associated with the data subject, provided that the following conditions are met.
Being closed to the access of any other institution, organization or person,
Taking all necessary technical and administrative measures to ensure that personal data can only be accessed by authorized persons.
Secure Deletion by Expert: In some cases, Ulusal Elektronik Teknolojileri San. ve Tic. Inc. You can agree with a specialist. In this case, the personal data will be securely deleted by the person who is an expert in this field, in a way that will be inaccessible and unusable for the Relevant Users in any way.
Blackening of Personal Data in Paper Media: It is a method of physically cutting and removing the relevant personal data from the document in order to prevent the unintended use of personal data or to delete the data requested to be deleted, or to make them invisible by using fixed ink, which cannot be recovered and read with technological solutions.
De-magnetization: It is the method of corrupting the data on it in an unreadable way by passing the magnetic media through special devices where it will be exposed to high magnetic fields.
Physical Destruction: Personal data can also be processed by non-automatic means, provided that they are part of any data recording system. When such data is destroyed, a system of physical destruction of personal data is applied so that it cannot be used later. The destruction of data in paper and microfiche media is also carried out in this way, since it is not possible to destroy them in any other way.
Overwriting: The overwriting method is to write random data consisting of 0s and 1s at least seven times over magnetic media and rewritable optical media by means of special software.
Anonymization Methods That Do Not Provide Value Irregularity: Without any change or addition/removal of the personal data stored with anonymization methods that do not provide value irregularity; is the generalization, replacement of any personal data group or the removal of a certain data or sub-data group from the group.
Variable Extraction: It is the anonymization of the existing data set by removing the “high-degree descriptive” variables from the variables in the data set created after the data collected by the method of extracting the descriptive data.
Removing Records: The data line that contains singularity among the data is removed from the records, and the stored data is anonymized.
Regional Concealment: Anonymization is provided by concealing the relevant data, if it has a determinative nature, since a single data creates a very rarely visible combination.
Lower and Upper Bound Coding: It is the anonymization of the values in a data group containing predefined categories with the lower and upper bound coding method by combining them by determining a certain criterion.
Generalization: With the data aggregation method, many data are aggregated and personal data is rendered incapable of being associated with any person.
Global Coding: With the data derivation method, a more general content is created than the content of personal data and it is ensured that personal data cannot be associated with any person.
Anonymization Methods That Provide Value Irregularity: Contrary to the anonymization methods that provide value irregularity, corruption is created by changing some data in personal data groups, unlike those that do not provide value irregularity.
Adding Noise: The method of adding noise to the data is anonymized by adding some positive or negative deviations at the determined rate to the existing data, especially in a data set where numerical data are predominant.
Micro-Aggregation: In the micro-joining method, all data is first separated into groups by arranging them in a meaningful order, and the value obtained by taking the average of the groups is written in place of the relevant data in the current group, thereby providing anonymization.
Data Exchange: In the data exchange method, the values of a variable are exchanged between the pairs selected from the stored data.
During the realization of the above-mentioned situations, full compliance with the provisions of the PDPL, the Regulation and other relevant legislation is ensured in order to ensure data security and all necessary administrative and technical measures are taken.

8. Periodic Destruction Period of Personal Data

Ulusal Electronic Technologies Industry. ve Tic. A.Ş. will be checked periodically at regular intervals, and those whose processing conditions have been completely eliminated will be deleted, destroyed or anonymized.
These periodic inspection and destruction procedures to be applied to personal data are carried out by Ulusal Elektronik Teknolojileri San. ve Tic. Inc. It is included in the Personal Data Processing Inventory created by the Company and submitted/to be submitted to the VERBIS system.

9. Periods for Ex officio Deletion, Destruction or Anonymization of Personal Data

Your personal data will be deleted, destroyed or anonymized in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises. This period will probably not exceed six months.
In the event that irreparable or impossible damages arise and there is a clear violation of the law, the Board may shorten the period specified in this article.

10. Periods to be Applied to the Request for the Deletion, Destruction or Anonymization of the Personal Data of the Data Owner

The Data Owner may submit their requests regarding the implementation of the Law in writing or by other methods to be determined by the Board to Milli Elektronik Teknolojileri San. ve Tic. A.Ş. Ulusal Electronic Technologies Industry. ve Tic. A.Ş. accepts the request or rejects it by explaining its reason and notifies the relevant person in writing or electronically within thirty days at the latest. If the request in the application is accepted, necessary action will be taken.
If the processing conditions of the personal data subject to the request are no longer valid, the personal data subject to the request is deleted, destroyed or anonymized. The requests in the application are concluded free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board may be taken as a basis. Ulusal Electronic Technologies Industry. ve Tic. A.Ş., the fee charged is returned to the data owner.
Unless a contrary decision is taken by the Board, the appropriate method of ex officio deletion, destruction or anonymization of personal data is given to Ulusal Elektronik Teknolojileri San. ve Tic. Inc. will be selected by Upon the request of the relevant person, Ulusal Elektronik Teknolojileri San. ve Tic. A.Ş. chooses the appropriate method by explaining the reason.
If the personal data subject to the request has been transferred to third parties, this will be notified to the third party; It will be ensured that necessary actions are taken within the scope of the Regulation on the Deletion, Destruction or Anonymization of Personal Data before the third party.
You can apply in writing* to the address specified below, by filling out the form available on the Company’s website, regarding the processing of your personal data.

Ulusal Electronic Technologies Industry. ve Tic. Inc. Contact information

Head Office Address: Istanbul World Trade Center A3 Blok K:13 No:403-404 Yesilkoy / Istanbul
Head Office Phone Number: (0) 212 465 3896
Contact Mail Address: kvkk@ulusalelektronik.com
Website address for communication: http://www.ulusalelektronik.com/
*Please indicate the subject on the envelope as “Information Request Under the Law on the Protection of Personal Data” in case of a written application.

Personal Data Disposal Policy