A. SCOPE
1. THIS PERSONAL DATA PROCESSING POLICY (“Policy”); It includes all the directorates, units and employees of the Institution involved in the processes where PLUSCOM İLETİŞİM A.Ş. processes personal data and third parties.
2. This Policy; It covers all storage and destruction activities that PLUSCOM İLETİŞİM A.Ş. will apply on personal data.
3. This Policy will only be applied to the destruction and storage of personal data.
4. The Law, Regulation or other legislation is partially or completely changed, amended,
In the event that it is updated or repealed, the Institution will change the Policy by updating it in accordance with the new Law, Regulation or legislation.

B. DEFINITIONS
The concepts used in the implementation of this Policy express the meanings given below;
Recipient group It is the group formed by natural or legal persons to whom personal data is transferred by the data controller.

Relevant user Except for the person or unit responsible for the technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller.

Destruction Deletion, destruction or anonymization of personal data.
The Law is Law No. 6698 on the Protection of Personal Data.
Recording medium Any medium that contains personal data that is fully or partially automated or processed non-automatically provided that it is a part of any data recording system.

The personal data processing inventory includes the personal data processing activities carried out by PLUSCOM İLETİŞİM A.Ş. It is the inventory that the personal data is created by associating it with the data category, the recipient group and the data subject group, and elaborates the maximum period required for the purposes for which the personal data is processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security.

The Board is the Personal Data Protection Board.
In the event that all the conditions for the processing of personal data included in the Law on periodic destruction are eliminated, PLUSCOM İLETİŞİM A.Ş. It is the deletion, destruction or anonymization to be carried out ex officio by

The Registry is the Data Controllers Registry kept by the Presidency.
Data recording system It is a recording system in which personal data are structured and processed according to certain criteria.

Data Controller is a natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

The Regulation is the Regulation on the Deletion, Destruction or Anonymization of Personal Data.

C. PURPOSE AND SCOPE
This Policy is applied to real or legal persons who are responsible for the destruction of personal data included in the Regulation established in accordance with Article 7 of the Law and determines the principles to be followed by third parties whom PLUSCOM İLETİŞİM A.Ş. In accordance with the Regulation, PLUSCOM İLETİŞİM A.Ş., a Data Officer with the obligation to register in the Registry
Ş. is obliged to prepare and act in accordance with this Policy in order to store the personal data under its responsibility in accordance with the personal data inventory and to destroy it when necessary.
The following principles will apply to the storage and destruction of personal data:
a) General principles in article 4 of the Law will be complied with.
b) PLUSCOM İLETİŞİM A.Ş. accepts that having prepared this Policy alone does not mean that personal data is destroyed in accordance with the Regulation, Law and relevant legislation.
c) PLUSCOM İLETİŞİM A.Ş., while storing or deleting personal data, destroying or making it anonymous
accepts, declares and undertakes that it will act in accordance with the security measures in Article 12 of the Law, the provisions in the relevant legislation, the decisions of the Board and the Policy.
d) PLUSCOM İLETİŞİM A.Ş., the means and program to be applied in accordance with this Policy and the Policy during the destruction of personal data that is fully or partially automated or processed by non-automatic means provided that it is a part of any recording system. and undertakes to comply with the processes.
e) PLUSCOM İLETİŞİM A.Ş. takes all kinds of minimum technical and administrative measures stipulated by the law regarding the safe storage of personal data and the prevention of unlawful processing and access. These technical and administrative measures are described in the technical guides created for the methods to be used for the storage and destruction of personal data.
f) PLUSCOM İLETİŞİM A.Ş. determines the title, unit and job descriptions of those who will take part in the processes of storing and destroying personal data.

D. RECORDING MEDIA
PLUSCOM İLETİŞİM A.Ş.Agrees to include personal data in environments containing personal data and listed below, and other environments that may arise in addition to these, within the scope of the Policy.
a) Computers / servers
b) Network devices,
c) Shared / non-shared disk drives used for data storage on the network, d) Mobile phones and all storage areas inside,
e) Paper,
f) Micro plug,
g) Peripherals such as printer, fingerprint reader,
h) Magnetic tapes,
i) Optical discs,
j) Flash memories.

E. CONDITIONS REQUIRING DISPOSAL OF PERSONAL DATA
In the event of a violation within the scope of the following, the Potential Security Violation is accepted and PLUSCOM İLETİŞİM A.Ş. Security breach processes will be operated by PLUSCOM İLETİŞİM A.Ş. management will be shared with the Board and the relevant personal data owners. For this purpose, violation management processes of PLUSCOM İLETİŞİM A.Ş. will be applied to make such reports and notifications.
1. Violation of the Law
PLUSCOM İLETİŞİM A.Ş. undertakes that it will not process personal data contrary to the manner specified in the Law.
PLUSCOM İLETİŞİM A.Ş., unless there are exceptions in terms of processing personal data in Articles 5 and 6 of the Law;
a) Will not keep the personal data of persons who do not obtain their express consent except for the exceptions specified in the Law.
b) PLUSCOM İLETİŞİM A.Ş. This personal data will not be stored and will be destroyed.
2. Elimination of Personal Data Processing Conditions PLUSCOM İLETİŞİM A.Ş. is responsible for the update of data processing conditions and shares this responsibility with all relevant employees who process personal data. Employees will not continue data processing in cases where data processing conditions no longer exist. The determination of these situations is made by the KVKK Committee with the suggestion of the relevant business unit and the destruction process is carried out in accordance with this Policy. PLUSCOM İLETİŞİM A.Ş. It accepts that the data processing conditions are eliminated in the relevant cases listed below and specified in the Regulation:

a) Changing or abolishing the provisions of the relevant legislation that constitute the basis for processing personal data;
b) The contract between the parties has never been established, the contract is invalid, the contract is automatically terminated, the contract is terminated or the contract is withdrawn,
c) No longer the purpose requiring the processing of personal data,
d) Processing of personal data is against the law or the rule of honesty,
e) In cases where the processing of personal data takes place only on the basis of express consent, the person concerned withdraws his consent
f) The acceptance of the application made by the person concerned regarding the personal data processing activity within the framework of the rights in subparagraphs (e) and (f) of the Law Article 11,
g) In the event that PLUSCOM COMMUNICATION INC. refuses the application made by the person concerned with the request for the destruction of his personal data, the response he gave is insufficient or does not respond within the period stipulated in the Law; Complaining to the Board and approval of this request by the Board,
h) Although the maximum period for the storage of personal data has passed, there are no conditions that would justify the storage of personal data for a longer period of time.

F. DISPOSAL OF PERSONAL DATA
The destruction of personal data can be done in three different ways, such as deletion, destruction or anonymization of the data described in detail below. PLUSCOM İLETİŞİM A.Ş. The KVKK Committee makes a written decision on the method to be used for the destruction of personal data, depending on the reason for this destruction, in line with the information provided by the relevant business units within its body, the information systems in which the said personal data are located and the application owners. In accordance with this written decision, one of the methods of destruction in article (G) of this Policy is applied in accordance with the Guidelines for Deletion, Elimination and Anonymization of Personal Data published by the Board. Regarding the methods to be used for the storage and destruction of personal data, PLUSCOM İLETİŞİM A.Ş. it also creates technical guidelines and ensures their implementation. Following the destruction of personal data PLUSCOM İLETİŞİM A.Ş. It is the responsibility of the relevant data owner business unit within. The data owner business unit receives support from different units of PLUSCOM İLETİŞİM A.Ş. for the destruction of the data provided that it is controlled by itself.
1. Deletion of Personal Data
Deletion of personal data processed by fully or partially automated means; It is the process of making the personal data in question inaccessible and unavailable in any way by the relevant users. In the process of deletion of personal data that is a part of any data recording system and processed by non-automatic means, legal retention periods are taken into consideration. The personal data that will be subject to deletion are determined. PLUSCOM İLETİŞİM A.Ş. In terms of accessing and authorizing personal data, PLUSCOM İLETİŞİM A.Ş.makes updates within the current role and authorization matrices on information systems and applications and identifies relevant users. Authorities and methods such as access, retrieval and reuse of the Related Users are determined within this scope. When PLUSCOM İLETİŞİM A.Ş.will delete personal data, it renders the data inaccessible or unavailable in any way. PLUSCOM İLETİŞİM A.Ş. guarantees that the data cannot be accessed or reused by any user while performing this process.
2. Destruction of Personal Data
The destruction of personal data is the process of making personal data inaccessible, unrecoverable and reusable in any way. Destruction will be carried out in cases where PLUSCOM İLETİŞİM A.Ş. processes data in physical recording environments. PLUSCOM İLETİŞİM A.Ş. is obliged to make this data unrecoverable.
While this process is being carried out for paper and microfiche media, the media will be destroyed by being broken into small pieces in such a way that they cannot be reassembled by paper shredding or clipping machines. Also, PLUSCOM İLETİŞİM A.Ş. Within this scope, it can receive destruction service from Third Parties.
3.Anonymization of Personal Data
The process of anonymization is to render personal data completely or partially processed by automated means of PLUSCOM İLETİŞİM A. PLUSCOM İLETİŞİM A.Ş., by removing or changing all direct and / or indirect identifiers in the relevant data set, prevents the identification of the relevant person from being identified and loses its distinctiveness in a group or crowd in a way that cannot be associated with a real person. During the anonymization of data, PLUSCOM İLETİŞİM A.Ş. may use methods such as one-way functions and encryption.

G. DISPOSAL METHODS AND PROCESS OF PERSONAL DATA
For the destruction of personal data, PLUSCOM İLETİŞİM A.Ş.defines all methods that can be used during destruction in this Policy and its annexes. The data owner business unit is obliged to determine and apply the appropriate method in this Policy according to the appropriate situation. During the destruction of personal data, PLUSCOM İLETİŞİM A.Ş. According to the written decision it will make, it performs the destruction by choosing the appropriate method from the following:
1. Overwriting
It is the process of making old data unreadable by writing random data consisting of 0 and 1 at least 7 times with software on magnetic media and rewritable optical media.
2. Magnetizing
It is the process of making the data on the magnetic media unreadable by physical change in the high magnetic field.
3.Physical Destruction
It is the process of physical destruction of optical media or magnetic media by melting, powdering, grinding and similar processes. It can be applied in cases where magnetizing or overwriting methods have failed.
4. Cloud Destruction
After the notification of destruction of personal data stored on cloud systems to the contracted service provider, all copies of the encryption keys of personal data are destroyed.
is the process to be.
5. Destruction of Personal Data in Environmental Systems
It is the destruction process that must be done by applying overwriting, magnetizing or physical destruction on the internal unit if there is any, and if not, the entire device that contains personal data in systems such as printer, fingerprint unit, door entry turnstile. Such destructions must be implemented before the devices are subjected to backup, maintenance and similar processes.

H. STORAGE AND DESTRUCTION PERIODS
1. Periodic Destruction and Legal Retention Periods
Physical and electronic data that expire the legal storage and destruction periods are periodically destroyed. PLUSCOM İLETİŞİM A.Ş. destroys personal data in the first periodic destruction process following the date when the obligation to destroy occurs. Periodic destruction is carried out at 1-year time intervals for all personal data. The legal retention periods to be taken as basis during periodic destruction are determined in the Company’s Personal Data Inventory. The disposal process is applied during the first periodic destruction following the obligation of destruction. All transactions regarding the destroyed personal data are recorded and these records are kept for 3 years.
2.Destruction Process Upon Request by Data Owners
In cases where data owners request the destruction of their personal data by applying to PLUSCOM İLETİŞİM A.Ş., it checks the current status of the personal data processing conditions. As a result of this control;
– If it is understood that all the conditions for processing personal data have disappeared, the personal data subject to the request u It is destroyed within thirty days at the latest in accordance with the decisions and methods specified in the Policy and the relevant person is informed.
– If it is understood that the personal data processing conditions have disappeared and the personal data subject to the request is transferred to third parties, PLUSCOM İLETİŞİM A.Ş. informs the relevant third party about this situation; Performing the necessary procedures within the scope of the Regulation before the third person
provides.
– If the personal data processing conditions are not completely eliminated, PLUSCOM İLETİŞİM A.Ş. It may reject the request by explaining its reason to the relevant data owner and notifies the relevant person in writing or electronically within thirty days at the latest.

In order to meet and respond to requests from data owners, PLUSCOM İLETİŞİM A.Ş. The Management Process of Requests and Complaints from Personal Data Owners is created within the body.

İ. AUTHORIZATION IN DESTRUCTION AND STORAGE PROCESSES
PLUSCOM İLETİŞİM A.Ş., the people involved in the processes of storing and destroying personal data and their job descriptions are as follows;
– KVKK Committee: It convenes once a month under the presidency of the Legal Advisor. It makes decisions about policies and methods by working with relevant business units on the storage and destruction of personal data, ensures that the policy and its annexes are kept up-to-date,
In cases, PLUSCOM İLETİŞİM A.Ş.’s Process Management works closely with other units to ensure that the Policy is carried out in accordance with the Law and Regulation.
– Information technologies: It ensures that the relevant destruction and storage processes are carried out in accordance with the Law and Regulation in the light of the decisions and methods specified in the Policy.
– Relevant business units: Indicates their opinions and reasons for determining policies and methods regarding the storage and disposal of personal data, and follows up the actions to be carried out under this Policy.

J. CHANGES TO THE POLICY
1. In the event that the Law, Regulation or other legislation is partially or completely changed, amended, updated or abolished, PLUSCOM İLETİŞİM A.Ş. It will change the policy by updating it to comply with the new Law, Regulation or legislation.
2. PLUSCOM İLETİŞİM A.Ş. will share the updated Policy so that the changes on the Policy can be examined with its employees via e-mail and will make it available to the relevant parties over the corporate intranet.

K. EFFECTIVE DATE OF THE POLICY
This Policy entered into force on 15.01.2021.

pluscom

Pluscom Footer Galeri
About Us
Pluscom Footer Galeri
Outbound
Pluscom Footer Galeri We are on Instagram!
Pluscom Footer Galeri
Inbound

needs of our customers
suitable solutions
we offer.

Pluscom Footer Galeri
Services
Pluscom Footer Galeri
Working at Pluscom
Pluscom Footer Galeri
Contact