Policy of Storing and Destructing Personal Data

GOLDEN MAPRIX LLC POLICY FOR STORING AND DESTRUCTING OF PERSONAL DATA

 

  1. Introduction


1.1. Purpose

 

As part of its legal and social responsibility, Golden Maprix Grup Organik Tarım Ürünleri İthalat İhracat Ticaret ve Sanayi Limited Şirketi (‘Golden Maprix’) is obliged to act in accordance with the legislation in force regarding the protection of personal data, particularly the Constitution of the Republic of Turkey (“Constitution”) and the Personal Data Protection Act No. 6698 (the “Act of the KVK”). Golden Maprix carries out the necessary work on protecting personal data by making compliance with this legislation part of its life cycle.

 

In line with its determined mission, vision and basic principles, the Company has made it a priority to process the personal data of customers, potential customers, employees, employee candidates, employee relatives, suppliers, supplier officials, supplier employees, service providers, people who buy products or services, visitors, tenants, lessors, company shareholders, company officials, dispute parties, employees, shareholders and officials of private law and public legal entities, and other third parties in accordance with the ‘Constitution’, international agreements, ‘Law’, ‘Regulation’ and other relevant legislation, and to ensure that the relevant persons exercise their rights effectively.

 

The Personal Data Storage and Destruction Policy (the ‘Policy’) has been prepared in accordance with the Law No. 6698 on the Protection of Personal Data, the Regulation on Deletion, Destruction or Anonymization of Personal Data and the relevant legislation, in order to determine the procedures and principles regarding the storage and disposal activities carried out by Golden Maprix.

 


1.2. Scope

This Policy relates to all personal data of customers, potential customers, employee candidates, institutional shareholders, authorized officials, visitors, employees, shareholders and officials of cooperating institutions and third parties, which are processed automatically or by non-automatic means provided that they are part of any data recording system.

 

In accordance with the KVK Act and related legislation, Golden Maprix sets out with this Policy the basic principles adopted in the processing and protection of personal data, the administrative and technical measures taken for the protection of personal data, and the procedures and principles for determining the maximum time required for the purpose for which personal data are processed and for deleting, destroying and anonymizing them.

1.3. Definitions

Express Consent: Consent on a particular issue, based on information and free will.
Receiver Group: Category of real or legal entity to which personal data is transferred by the data principal.
Personal Data: Any information pertaining to an identified or identifiable natural person.
Private Personal Data: Data on race, ethnicity, political thinking, philosophical beliefs, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sex life, criminal conviction and security measures, together with biometric and genetic data.
Relevant Person: The person whose personal data is processed.
Relevant User: Persons who process personal data within the data manager organization or in accordance with the authority and instruction received from the data manager, except for the person or unit responsible for technically storing, protecting and backing up the data.
Destruction: Deletion, destruction or anonymization of the data.
Anonymization: Changing personal data in such a way that it loses the quality of personal data and this change cannot be reversed.
Employee: Employees of Golden Maprix.
Employment Applicant: Real persons who have applied for an employment position in any way or have sent their resume and related information for the company’s review.
Electronic Environment: Environments where personal data can be created, read, modified and written with electronic devices.
Non-Electronic Environment: All written, printed, visual and other environments other than electronic media.
Constitution: Constitution of the Republic of Turkey.
KVK Act: Personal Data Protection Act No. 6698.
KVK Board: Board of Personal Data Protection.
KVK Institution: Institution of Personal Data Protection.
Recording Media: Any media containing personal data processed by completely or partially automated means, or by non-automated means provided that they are part of any data registration system.
Processing Personal Data: Any operation performed on personal data, such as obtaining, saving, storing, replacing, reorganizing, explaining, transferring, inheriting, making obtainable, classifying or preventing the use of personal data, by completely or partially automated means, or by non-automated means provided that it is part of any data recording system.
Personal Data Processing Inventory: The inventory that data controllers create by associating the personal data processing activities they carry out, depending on their business processes, with the purposes and legal reason of processing, the data category, the recipient group and the data subject group, and in which they explain the maximum retention period required for the purposes for which the personal data is processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security.
Customer: Real persons who use the products and services offered by our Company, regardless of whether they have any contractual affiliation with our Company.
Data Processor: A real or legal entity that processes personal data on behalf of the data controller, based on the authority given by the data controller. For example, the cloud computing company that keeps our Company’s data, the surveyors that have customers sign the forms, the call centre that calls under instructions, etc.
Data Record System: Registration system where personal data are structured and processed according to certain criteria.
Data Controller: Natural or legal person who determines the purposes and means of processing personal data, and establishes and manages the place where data is systematically kept (data recording system).
Data Controllers Registry: Data Controllers Registry kept by the Presidency of the KVK Act Authority and open to the public under the supervision of the KVK Act Board.
VERBİS: Data Controllers Registry Info System.
Visitor: Real persons who have entered the physical premises of the company for various purposes or visited its websites.
Employees, Shareholders and Officials of the Companies that We Cooperate with: Real persons who are employees, shareholders and officials of the companies engaged in business relations with Golden Maprix (including but not limited to performance assistant, business partner, supplier, program partner, etc.).
Golden Maprix Suppliers: Third parties from whom Golden Maprix purchases products and/or services based on contract.
Periodical Destruction: Deletion, destruction or anonymization of personal data at repeated intervals specified in the policy of retention and destruction of personal data in the event that all of the terms of processing of personal data contained in the law are eliminated.
Potential Customer: Real persons who have requested to purchase and/or use our products and services or who have been evaluated in accordance with the rules of commercial practice and honesty.
Policy: Golden Maprix’s Policy of Protecting, Processing, Retention and Destruction of Personal Data.
Company: Golden Maprix LLC.
Company Shareholders: Real persons who are Golden Maprix shareholders.
Company Authority: Golden Maprix Board Member and other authorized real persons.
Relevant Person Data Owner Application Form: Application form that data owners will use when submitting their applications regarding their rights in Article 11 of the KVK Act.
Third Party: Real third persons connected with the parties described above in order to ensure the security of trade transactions between those parties or to protect the rights of, and provide benefits to, the parties in question.
Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.

 

 

  2. Responsibility and Task Distributions

 

In order to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to ensure that personal data are stored in accordance with the law, all units and employees of the Company are responsible for applying the technical and administrative measures taken by the responsible units within the scope of the Policy, for increasing the training and awareness of the employees of the unit, and for monitoring them continuously.

 

The titles, units and job descriptions of those involved in the storage and disposal processes of personal data are given in the table below.

 

 

Title | Unit | Duty
CEO | Management | Responsible for ensuring that employees comply with the Policy.
KVK Committee | The Committee established to ensure compliance and supervision of the company with KVK processes | Responsible for drafting, developing, executing, publishing and updating the Policy in relevant environments.
Information Technologies | IT Management | Responsible for delivering the technical solutions needed to implement the Policy.
HR, Brand Communication and Customer Experience, Marketing, Sales, Law | Other units | Responsible for the conduct of the Policy in accordance with their duties.

  3. Recording Media

 

Electronic Media: servers, software, hard or portable disks, optical disks, information security devices, personal computers, mobile devices, portable memory, printer, scanner, copier, cloud environments.

Non-electronic Media: paper, manual data recording systems, written, printed, visual media.

  4. Explanations Related to Storing and Destruction

 

In accordance with the law, personal data belonging to customers, potential customers, employees, employee candidates, employee relatives, suppliers, supplier officials, supplier employees, service providers, product or service providers, visitors, tenants, lessors, company shareholders, company officials, third parties, the employees of the serving company, the parties to the dispute, the employees, shareholders and officials of the private law and public entities involved, and the employees of the third parties, institutions or organizations involved are stored and destroyed by the Company. In this context, detailed explanations of storage and destruction are given below, respectively.


4.1. Explanations Related to Storing

 

Golden Maprix, in accordance with the relevant provisions of the Law, stores the personal data it processes within the framework of its activities for the period prescribed in the relevant legislation or required for the processing purposes.

 

4.1.1. Legal Reasons for Storing

 

In our company, personal data processed within the framework of its activities are retained for as long as prescribed in the relevant legislation. In this context, personal data are stored for the retention periods prescribed by the Turkish Commercial Code, Debts Law, Personal Data Protection Law, Social Insurance and General Health Insurance Law, Law on the Regulation of Publications made on the Internet and Combating Crimes Committed Through These Publications, Occupational Health and Safety Law, Labor Law, Law on the Regulation of Retail Trade, Law on the Regulation of Electronic Commerce and other secondary regulations in force in accordance with these laws.


4.1.2. Processing Purposes Requiring Storing

 

The Company stores the personal data it processes within the framework of its activities for the following purposes;

  • Promote goods and services offered by our company, promote members and increase communication, enhance image, register members to clubs established by Golden Maprix, prepare and send member-specific advertisements / promotion campaigns and announcements, provide customers with a better shopping experience, perform customer survey, customer satisfaction practices and information, audit, data analysis, research, statistical work, understanding trends, marketing and advertising services
  • Conducting the necessary work and related business processes by the relevant business units in order to carry out commercial activities carried out by the Company
  • Planning and execution of the Company’s commercial and/or business strategies
  • Ensuring the legal, technical and commercial-business security of the Company and its business contacts
  • To confirm the credentials of the shopper/person via the website/mobile applications, to record the address and other necessary information for communication, to organize all registrations and documents that will form the basis of processing in electronic (internet/mobile, etc.) or paper media,
  • To carry out the process of supplying consulting services to our customers and suppliers,
  • To fulfill the obligations undertaken in accordance with the contracts we have contracted in accordance with the provisions of the relevant legislation, to fulfill our legal obligations and to be able to use our rights arising from the applicable legislation,
  • To be able to inform public officials on public safety issues on demand and as required by legislation,
  • Using it as evidence for conflicts that may arise
  • Planning and execution of market research activities for the sales and marketing of products and services in the planning of company recruitment and employee processes
  • Planning and execution of corporate communication activities
  • Planning and execution of logistics activities
  • Creation and Tracking of Visitor Records
  • To ensure the security of transactions and information, to prevent transactions that may include fraudulent or illegal activities,
  • To provide customers with a better shopping experience,
  • Provide personalized shopping services (customer survey, customer satisfaction application and information, audit, data analysis, research, statistical study, understanding trends, marketing and advertising services),
  • Proper use of Golden Maprix services,
  • Fulfillment of obligations within the scope of legal legislation,
  • To make our website and applications easier to use,
  • Information retention, reporting and notification as prescribed by regulatory and supervisory authorities, and providing information to auditing companies and the relevant proxy or proxies,
  • Planning, supervision and execution of information security processes,
  • Preparation and presentation of various reports, research and/or presentations;
  • Collection, evaluation and meeting of complaints, questions, requests and suggestions of the Person concerned;
  • Planning and execution of customer relationship management processes
  • Planning and execution of sales and marketing processes of products and/or services
  • Fulfillment of the contracts contracted with the customer,
  • Follow-up and execution of legal work
  • Follow-up of contract processes and/or legal claims,
  • To get to know our members and improve our communication,
  • Providing better and more reliable service to our customers, developing more appropriate services and products and maintaining them continuously,
  • Customizing and recommending the products and services offered by Golden Maprix according to customers’ tastes, usage habits and needs,
  • Visiting institutions or websites, and organizing training, seminars or organizations organized by the Institution when call centers or websites are used to use Golden Maprix services,
  • Management of relationships with partners and/or suppliers,
  • Ensuring the safety of the company’s Headquarters, warehouses, stores, etc.
  • Planning and execution of emergency management processes,
  • Planning and execution of the processes related to subcontractors,
  • Tracking financial and/or accounting duties,
  • Planning and monitoring of construction and/or construction works,
  • Conducting Management Activities,
  • Informing Authorized Persons, Institutions and Organizations,
  • Conducting Talent / Career Development Activities,
  • Execution of Investment Processes,
  • Ensuring the Security of Data Manager Operations,
  • Conducting the Wage Policy,
  • Conducting Supply Chain Management Processes,
  • Ensuring the Safety of Transported Goods and Resources,
  • Demand / Follow-up of Complaints,
  • Conducting Strategic Planning Activities,
  • Conducting Sponsorship Activities,
  • Conducting Social Responsibility and Civil Society Activities,
  • Storage and Execution of Archival Activities,
  • Conducting Performance Evaluation Processes,
  • Organization and Event Management,
  • Conducting Activities for Customer Satisfaction,
  • Conducting Customer Relationship Management Processes,
  • Execution of Goods / Services Production and Operation Processes,
  • Execution of Goods / Services Sales Processes,
  • Execution of Goods / Services After Sales Support Services,
  • Execution of Goods / Services Purchasing Processes,
  • Conducting Business Continuity Activities,
  • Taking and Evaluating Recommendations for Improvement of Business Processes,
  • Conducting Occupational Health / Safety Activities,
  • Conducting / Auditing Business Activities,
  • Planning human resources processes,
  • Conducting Communication Activities,
  • Internal Audit/ Investigation / Conduct of Intelligence Activities,
  • Execution of Assignment Processes,
  • Ensuring Physical Safety,
  • Conducting Company / Product / Services Loyalty Processes,
  • Conducting Finance and Accounting Jobs,
  • Execution of Access Powers,
  • Conducting Educational Activities,
  • Audit / Conduct of Ethical Activities,
  • Execution of Benefits and Benefits Processes for Employees,
  • Fulfillment of Employment Contract and Regulatory Obligations for Employees,
  • Execution of Employee Satisfaction and Loyalty Processes,
  • Execution of Application Processes of Employee Candidates,
  • Employee Candidate / Intern / Student Selection and Placement Processes,
  • Conducting Information Security Processes,
  • Conducting collective bargaining agreement activities contracted with the Union.

 

 

 

4.2. Principles for the Destruction of Personal Data in Accordance with the Law

All transactions regarding the deletion, destruction and anonymization of personal data are recorded and these records are kept for at least three years, excluding other legal obligations.

Golden Maprix complies with the following principles in the storage and disposal of personal data:

a) Compliance with the law and honesty.
b) Being accurate and up-to-date when necessary.
c) Processing for specific, explicit and legitimate purposes.
d) Being relevant, limited and proportionate to the purpose of its processing.
e) Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

4.3. Reasons to Destroy the Personal Data

 

Golden Maprix destroys personal data for the following reasons;

 

  • The expiry of the periods determined by laws regarding the storage of personal data,
  • End of disposal period determined by Golden Maprix,
  • Expiry of periodic disposal period determined by Golden Maprix,
  • Amendment or abolition of the relevant legislation provisions that constitute the basis for processing personal data,
  • When the relevant contract has never been established, the contract is not valid, the contract is automatically terminated, the contract is terminated or the contract is withdrawn,
  • The disappearance of the purpose requiring the processing of personal data,
  • Processing of personal data is against the law or the rule of good faith,
  • In cases where the processing of personal data is only based on express consent, the person concerned withdraws his consent,
  • Acceptance of the application made by the relevant person regarding the personal data processing activity within the framework of his rights,
  • In the event that Golden Maprix refuses the application made by the person concerned with the request of deletion or destruction of his personal data, the response is found to be insufficient or does not respond within the period stipulated by the law; making a complaint to the KVK Board and approval of this request by the Board,
  • Although the maximum period for the storage of personal data has passed, there are no conditions that would justify the storage of personal data for a longer period.
  • Elimination of the conditions that require the processing of personal data in Articles 5 and 6 of the Personal Data Protection Law.

  5. Technical and Administrative Measures

 

For the safe storage of personal data, the prevention of their unlawful processing and access, and their destruction in accordance with the law, the Company takes technical and administrative measures in accordance with Article 12 of the Law and within the framework of the adequate measures determined and declared by the Board for privately qualified personal data under Article 6 of the Act.


5.1. Technical Measures

 

  • Network security and application security are provided.
  • Closed system network is used for personal data transfers over the network.
  • Key management is implemented.
  • Security measures are taken within the scope of supply, development and maintenance of information technology systems.
  • Security of personal data stored in the cloud is ensured.
  • Access logs are kept regularly.
  • Current anti-virus systems are used.
  • Firewalls are used.
  • Personal data security monitoring is carried out.
  • Personal data is reduced as much as possible.
  • Personal data is backed up and the security of the backed-up personal data is also ensured.
  • User account management and authorization control system is implemented and their monitoring is also carried out.
  • In-house periodic and/or random inspections are carried out.
  • Log records are kept without user intervention.
  • Current risks and threats have been identified.
  • Protocols and procedures for the security of specially qualified personal data are determined and implemented.
  • If special personal data is to be sent by e-mail, it must be sent encrypted and using KEP or corporate mail account.
  • Secure encryption / cryptographic keys are used for private personal data and managed by different units.
  • Attack detection and prevention systems are used.
  • Penetration tests are performed.
  • Cyber security measures have been taken and its implementation is constantly monitored.
  • Encryption is performed.
  • Specially qualified personal data transferred on portable memory, CD or DVD media is encrypted before transfer.
  • Data loss prevention software is used.

 

 

5.2. Administrative Measures

 

  • There are disciplinary regulations for employees that include data security provisions.
  • Training and awareness studies on data security are carried out at certain intervals for employees.
  • Authorization matrix has been created for employees.
  • Corporate policies on access, information security, use, storage and destruction have been prepared and implemented.
  • Confidentiality commitments are made.
  • Employees who have a change of duties or who have left work have their authorizations in this field removed.
  • Signed agreements include data security provisions.
  • Extra security measures are taken for personal data transmitted via paper and the relevant documents are submitted in confidentiality grade document format.
  • Personal data security policies and procedures have been set.
  • Personal data security issues are reported quickly.
  • Necessary security measures are taken regarding the entry and exit of physical environments containing personal data.
  • Safety of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
  • Security of environments containing personal data is ensured.
  • Data processing service providers are periodically audited for data security.
  • The awareness of data processing service providers about data security is ensured.

 

 

5.3. Internal Audit

 

In accordance with Article 12 of the Act, the Company shall conduct internal audits on the implementation of the provisions of the Law, of this Personal Data Retention and Destruction Policy and of the Personal Data Processing and Protection Policy. If deficiencies or defects related to the implementation of these provisions are detected as a result of internal audits, these deficiencies or defects will be corrected immediately.

 

If it is understood, during the audit or otherwise, that personal data under the Company's responsibility has been obtained by others by unlawful means, the Company will report this to the relevant person and the Board as soon as possible.

 

 

  6. Techniques of Deleting and Destructing Personal Data

Deletion or destruction of personal data is the process of making personal data inaccessible and unavailable in any way for relevant users. Golden Maprix deletes or destroys personal data by using the following techniques:

 

  • Golden Maprix takes all necessary technical and administrative measures to ensure that the deleted personal data cannot be accessed and reused by the relevant users.
  • If the deletion of personal data will result in other data not being accessible and not being able to use this data, Golden Maprix applies the following rules;

– Archiving personal data by making it unrelated to the person concerned,

– Being unavailable to any other institution, organization and / or person

– Taking all necessary technical and administrative measures to ensure that personal data can only be accessed by authorized persons.

– In case of direct deletion request by real people, deletion of personal data of the relevant person from Golden Maprix systems.

 

  • Deletion of personal data that is a part of any data recording system and processed by non-automatic means;

– Blackening of unnecessary personal data,

– It is carried out by masking unnecessary personal data in paper form transferred to electronic media by scanning or without digitizing.

 

6.1 Deletion Methods

6.1.1 Deletion Methods for Personal Data Held in Printed Media;

Blackout: Personal data contained in printed media is deleted using the blackout method. The blackout process is carried out by cutting the personal data out of the relevant document where possible and, where not possible, by making it invisible using permanent ink in a way that cannot be reversed or read with technological solutions.

6.1.2 Deletion Methods for Personal Data Stored in the Cloud and Local Digital Media

Safe deletion from software: Personal data kept in cloud or local digital environments are deleted by digital command so that they cannot be recovered. Data deleted in this way cannot be accessed again.

 


6.2 Destruction Methods

6.2.1 Destruction Methods for Personal Data Retained in Printed Media


Physical destruction: documents kept in the printed environment are destroyed in such a way that they cannot be brought together by the document destruction machines.

6.2.2 Destruction Methods for Personal Data Retained in Local Digital Media

 

Physical destruction: the physical destruction of optical and magnetic media containing personal data. Data is made inaccessible by processes such as melting, burning or pulverizing the optical or magnetic media, or passing it through a metal grinder.

De-magnetizing (degaussing): rendering the data on magnetic media unreadable by exposing the media to a high magnetic field.

Overwrite: random data consisting of 0s and 1s is written at least seven times on magnetic media and re-writeable optical media, preventing the reading and recovery of old data.


6.2.3 Methods of Destroying Personal Data Held in the Cloud

 

Secure deletion from software: Personal data held in the cloud is deleted by digital command so that it cannot be recovered, and all copies of the encryption keys required to make personal data available are destroyed when the cloud computing service relationship ends. Data deleted in this way cannot be accessed again.

 


  7. Techniques of Anonymizing Personal Data

The anonymization of personal data means rendering personal data impossible to associate with an identified or identifiable natural person under any circumstances, even if they are matched with other data. Golden Maprix can anonymize personal data if the conditions for processing personal data that are legally processed cease to exist. Thus, anonymized personal data can be processed for purposes such as research, planning and statistics in accordance with Article 28 of the KVK Law. Such processing is outside the scope of the KVK Law, and the explicit consent of the personal data owner will not be sought. Since personal data processed by anonymization will be outside the scope of the KVK Law, the rights regulated in Section 9 of this Policy will not apply to these data.

 

Golden Maprix uses the following techniques for the anonymization of personal data:

7.1 Masking

Data masking is the method of anonymizing personal data by removing the basic identifying information from the data set. For example, removing information such as first name, last name, ID No., etc., which allows identification of the personal data owner.

7.2 Aggregation

With the data aggregation method, many data are aggregated so that personal data cannot be associated with any person. For example, stating that there are Y customers of age X without showing the customers' ages individually.

7.3 Data Derivation

With the data derivation method, a more general content is created from the content of personal data so that personal data cannot be associated with any person. For example, stating the age instead of the date of birth.

7.4 Data Hash

With the data hash method, the values within the personal data set are mixed so that the link between values and persons is broken.

  8. Storage and Destruction Times of Personal Data and Periodic Destruction Times

Golden Maprix deletes, destroys or anonymizes personal data in the first periodic destruction following the date on which the obligation to delete, destroy or anonymize personal data arises. The periodic time for destruction is six months. Retention times for personal data are determined in accordance with the KVK Law and business processes.

 

The KVK Board may shorten the periods specified in this article in case of damages that are difficult or impossible to compensate and there is an obvious violation of the law.

 

 

Data Category | Data Retention Time
1- ID Personal Data | 15 years after the end of the legal relationship
2- Communicational Personal Data | 15 years after the end of the legal relationship
3- Locational Personal Data | 10 years after the end of the legal relationship
4- Personal Data | 15 years after the end of the legal relationship
5- Legally procedural personal data | 10 years after the end of the legal relationship
6- Customer procedural personal data | 10 years after the end of the legal relationship
7- Physical Space Security Personal Data | 1 year
8- Process Security Personal Data | 10 years after the end of the legal relationship
9- Financial Personal Data | 10 years after the end of the legal relationship
10- Vocational Personal Data | 15 years after the end of the legal relationship
11- Marketing Personal Data | 15 years after the end of the legal relationship
12- Visual and Audio Recordings Personal Data | 15 years after the end of the legal relationship
13- Union Membership Special Qualified Personal Data | 15 years after the end of the legal relationship
14- Health Information Specially Qualified Personal Data | 40 years after the end of the legal relationship
15- Criminal Conviction and Security Measures Special Quality Personal Data | 15 years after the end of the legal relationship
16- Biometric Data Specially Qualified Personal Data | The first periodic destruction period from the end of the legal relationship
17- Other Information-Corporate memory information Personal Data | 70 years after the end of the legal relationship
18- Other Information-Shareholder/Partner Personal Data | 15 years after the end of the legal relationship
19- Other Information-Employee Candidate Information Personal Data | 2 years
20- Other Information-Family/Relatives Information Personal Data | 15 years after the end of the legal relationship

  9. Periods for the Ex-officio Deletion, Destruction or Anonymization of Personal Data

Golden Maprix considers the following periods within the scope of its obligation to delete, destroy or anonymize personal data:

  • In the first periodic destruction process following the date 01.01.2021, when the liability arose
  • Periodic destruction period cannot exceed 180 days in any case.

 

  10. Periods of Deletion and Destruction of Personal Data upon Request by the Related Person

    When the relevant person requests the deletion or destruction of his/her personal data by contacting Golden Maprix in accordance with Article 13 of the KVK Act;

 

a) If all conditions for processing personal data have been eliminated, Golden Maprix deletes, destroys or anonymizes the personal data subject to the request. Golden Maprix concludes the data owner’s request within thirty days at the latest and informs the real person who owns the data.

b) If all requirements for processing personal data have been eliminated and the personal data subject to the request has been transferred to third parties, Golden Maprix notifies the third party so that the necessary actions are taken by the third party.

c) If the terms of processing personal data have not been completely eliminated, this request may be rejected by Golden Maprix, with the reason explained, in accordance with paragraph 3 of Article 13 of the KVK Act, and the rejection response is reported to the person in writing or electronically within thirty days at the latest.

  11. Internal Management of Personal Data Processing, Storage and Destruction Processes


In any transactions related to personal data carried out by Golden Maprix upon completion of the compliance process in accordance with the KVK Law and the relevant legislation, these Policies and Procedures and their related processes are managed as follows:

 

In accordance with Paragraph 1 of Article 13 of the KVK Law, personal data holders are required to submit their requests for the use of legally recognized rights to Golden Maprix with a wet signature or a secure electronic signature by filling out the Golden Maprix Data Owner Application Form. Requests signed with a secure electronic signature must be sent to the info@goldenmaprix.com.tr address, and wet-signed requests must be forwarded to Saricioglu Mah. Buhara Cad. Matim Is Merkezi No:158/A Battalgazi Malatya.

12. Review

This policy is reviewed once a year by the Personal Data Protection Committee and necessary updates are made. After the approval of the senior management, the updated policy is put into use by notifying the relevant persons/parties.


  13. Final Terms

This Policy has been prepared and approved by the Committee for the Protection of Personal Data and was updated on…………………. If this policy is translated into a language other than Turkish, the Turkish text shall always be taken as the basis in the event of any difference between the two texts. This policy may not be reproduced or distributed without the written permission of Golden Maprix LLC.