Data Retention and Destruction Policy
Detailed information regarding our data storage processes, security measures, and legal data destruction procedures.
PERSONAL DATA STORAGE AND DESTRUCTION POLICY
This Policy has been prepared in accordance with the Law No. 6698 on the Protection of Personal Data and the Regulation on the Deletion, Destruction or Anonymization of Personal Data, in order to determine the procedures and principles regarding the storage and destruction activities carried out by Paktaş Platform A.Ş. ("the Company").
1. Recording Media
Personal data belonging to data subjects is securely stored by our Company in accordance with the law in the environments listed below:
- Electronic Environments: Servers, software (CRM, accounting programs), cloud systems, databases, computers, and portable storage devices.
- Physical Environments: Unit cabinets, archives, folders, and written forms.
2. Legal Reasons Requiring Concealment
In our company, data is stored for periods explicitly stipulated by law, for the establishment and performance of contracts, for the fulfillment of legal obligations, and for the establishment, exercise, or protection of a right.
3. Technical and Administrative Measures
Paktaş Platform takes the following measures to ensure the security of your data:
- Administrative Measures: GDPR awareness training for employees, confidentiality agreements, updating the data processing inventory, and creation of access authorization matrices.
- Technical Measures: Firewalls, up-to-date antivirus systems, encryption methods, periodic penetration tests, and data backup processes.
4. Destruction Techniques
Data whose retention period has expired or whose processing conditions no longer exist will be destroyed using one of the following methods:
- Deletion of Personal Data: The process of making data inaccessible and unusable for the relevant users.
- Destruction of Personal Data: Making the data completely inaccessible, irretrievable, and unusable by anyone (physical destruction, degaussing of magnetic disks, etc.).
- Anonymization: The process of rendering data in such a way that, even when matched with other data, it cannot be linked to an identified or identifiable natural person.
5. Storage and Disposal Period Table
As a general principle, if a specific time limit is determined in the legislation, that time limit is observed; otherwise, the following time limits are used:
| Veri Kategorisi | Saklama Süresi | İmha Süresi |
|---|---|---|
| Müşteri / Teklif Verileri | Sözleşme bitiminden itibaren 10 yıl | İlk periyodik imha döneminde |
| Servis / Bakım Kayıtları | Makine ömrü boyunca veya 10 yıl | İlk periyodik imha döneminde |
| Muhasebe ve Finans Kayıtları | 10 yıl (TTK ve VUK uyarınca) | İlk periyodik imha döneminde |
| Kamera Kayıtları (Güvenlik) | 30 Gün | Otomatik döngü / imha |
| İletişim Formu Verileri | 2 Yıl | İlk periyodik imha döneminde |
6. Periyodik İmha Süresi
Paktaş Platform, periyodik imha süresini 6 ay olarak belirlemiştir. Her yılın Haziran ve Aralık aylarında, saklama süresi dolan veriler yukarıda belirtilen tekniklerle imha edilir.
7. Politika Güncelleme
Bu Politika, mevzuat değişikliklerine veya Şirketimizin veri işleme süreçlerindeki değişimlere göre güncellenebilir. Güncel hal her zaman web sitemizde yayınlanacaktır.