KTB - TGA logo
Personal Data Storage and Destruction Policy

TURKISH TOURISM PROMOTION AND DEVELOPMENT AGENCY

PERSONAL DATA PROTECTION LAW

1. PURPOSE OF THE POLICYThis Personal Data Storage and Destruction Policy ("Policy"), Personal Data Protection Law No. 6698 ("KVKK" or "Law") and the Regulation on Deletion, Destruction or Anonymization of Personal Data (TÜRKİYE TOURISM PROMOTION AND DEVELOPMENT AGENCY PERSONAL DATA STORAGE AND DESTRUCTION POLICY (“TGA”) has been prepared in order to determine the procedures, principles, storage, deletion and destruction periods regarding the works and transactions related to storage and destruction activities in accordance with the relevant legislation, especially the 'Regulation'). Works and transactions regarding the storage and destruction of personal data are carried out in accordance with the Policy prepared accordingly by TGA.2. DEFINITIONS AND EXPLANATIONS
Concept
Definition
Explicit Consent
Consent regarding a specific subject, based on informed consent and expressed with free will.
Anonymization
Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Employee/Intern
TGA employees or interns.
Electronic Media
Environments where personal data can be created, read, changed and written with electronic devices.
Non-Electronic Media
All written, printed, visual, etc. media other than electronic media.
Contact Person
The real person whose personal data is processed.
Relevant User
Persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.
Destruction
Deletion, destruction or anonymization of personal data.
Recording Media
Any environment containing personal data that is processed completely or partially automatically or by non-automatic means, provided that it is part of any data recording system.
Personal Data
Any information regarding an identified or identifiable natural person.
Processing of Personal Data
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. "Any action performed on data, such as classifying it or preventing its use.
Board
Personal Data Protection Board
Institution
Personal Data Protection Authority
KVKK, Law
Personal Data Protection Law No. 6698
Special Personal Data
Data regarding race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.
Periodic Destruction
The process of deleting, destroying or anonymizing personal data, which is specified in the personal data storage and destruction policy and will be carried out ex officio at recurring intervals, in case all the conditions for processing personal data specified in the Law are eliminated.
Policy
Personal Data Storage and Destruction Policy
Delete
Making personal data inaccessible and unusable in any way for the relevant users.
TGA (TÜRKİYE TOURISM PROMOTION AND DEVELOPMENT AGENCY) PERSONAL DATA STORAGE AND DESTRUCTION POLICY
Concept
Definition
Data Processor
A natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Recording System
Recording system, directory where personal data is structured and processed according to certain criteria.
Data Controller
The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Destruction
Making personal data inaccessible, irretrievable and unusable by anyone.
Regulation on Deletion, Destruction or Anonymization of Personal Data ("Regulation") was published in the Official Gazette No. 30224 dated 28 October 2017.3. RECORDED MEDIAPersonal data stored within TGA is kept sensitively in the following recording environments in accordance with the nature of the relevant data and legal obligations.Electronic media:– Servers (domain, backup, email, database, web, file sharing)– Software (office software, portal, etc.)– MS office files– Personal computers (desktop, laptop)– TGA computers (desktop, laptop)– Network devices– Mobile devices and their storage areas (phone, tablet, etc.)– Shared/non-shared disk drives used for storing data on the network– Cloud systems– Printer, scanner, photocopier- Camera– Magnetic tapes– Optical discs (CD, DVD, etc.)– Removable disks (USB, memory card, etc.)– Zimbra– Netsis– Oracle– File server– dhcp– Dc– ERP system– Cisco c170– Exchange server– Rome– Ms dynamics– CRM system– Accounting operation system– SQL database– MySQL database– CRM server– NebimNon-electronic media:- Unit cabinets- Unit archive- Institution archive- Archive- Accounting unit- Paper- Written, printed, visual media- Manual data recording systems (survey forms, guestbook, candidate evaluation forms)4. EXPLANATIONS REGARDING THE REASONS REQUIRING THE STORAGE AND DESTRUCTION OF PERSONAL DATAPersonal data within TGA may be used to provide TGA's services, to continue its activities without interruption, to plan and execute human resources processes, to plan employee rights and benefits, to plan and execute supply and business partner processes, to ensure effective communication, as required or required by legal regulations. Fulfilling legal obligations, fulfilling sector-specific obligations, fulfilling the necessary quality and standard audit processes, providing information to public institutions and organizations, ensuring corporate communication, ensuring security, carrying out statistical studies, carrying out analysis studies, carrying out reporting studies, signing contracts and protocols. For the purposes of performing the obligations undertaken, using it as evidence in legal disputes that may arise in the future or fulfilling the burden of proof, carrying out written, printed and electronic magazine and bulletin studies, operating archive processes, and running the supply chain, electronic or It is stored securely and sensitively in non-electronic media. Personal data within TGA will be destroyed ex officio or upon the request of the relevant person, if the following data processing conditions are eliminated.– Existence of explicit consent,– Existence of legal provision,– Explicit consent cannot be obtained due to actual impossibility,– It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract,– It is mandatory for the data controller to fulfill its legal obligation,– The personal data of the relevant person has been made public by him/her,– Data processing is mandatory for the establishment, exercise or protection of a right,– Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.5. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN FOR THE SECURE STORAGE OF PERSONAL DATA AND PREVENTING THEIR ILLEGAL PROCESSING AND ACCESS- Network security and application security are provided.- A closed system network is used for personal data transfer via the network.- Security measures are taken within the scope of information technology systems supply, development and maintenance.- There are disciplinary regulations that include data security provisions for employees.- Training and awareness activities are carried out periodically for employees regarding data security.- An authority matrix has been created for employees.- Access logs are kept regularly.- Corporate policies on access, information security, use, storage and destruction have been prepared and implemented.- Confidentiality commitments are made.- The authorities of employees who change their duties or leave their jobs in this area are removed.- Up-to-date anti-virus systems are used.- Firewalls are used.- Signed contracts contain data security provisions.- Personal data security policies and procedures have been determined.- Personal data security issues are reported quickly.- Personal data security is monitored.- The security of physical environments containing personal data is ensured against external risks (fire, flood, etc.).- The security of environments containing personal data is ensured.- Personal data is reduced as much as possible.- Personal data is backed up and the security of the backed up personal data is ensured.- User account management and authorization control system is implemented and their monitoring is also carried out.- Periodic and/or random audits are carried out within the institution and are carried out.- Log records are kept without user intervention.- Current risks and threats have been identified.- Protocols and procedures for the security of special personal data have been determined and implemented.- If special personal data is to be sent via e-mail, it must be sent encrypted and using a KEP or corporate mail account.- Secure encryption / cryptographic keys are used for sensitive personal data and are managed by different units.- Intrusion detection and prevention systems are used.- Cyber security measures have been taken and their implementation is constantly monitored.- Data processing service providers are periodically audited regarding data security.- Awareness of data security is ensured among data processing service providers.6. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN FOR THE LAWFUL DESTRUCTION OF PERSONAL DATATGA's practices for destroying (deleting, destroying and anonymizing) personal data are as follows:Deletion of Personal Data- Personal data physically contained in paper, file, folder environment is stored in archive/storage/storage areas or relevant sections of these areas that relevant users (all other employees except the archive/storage manager) cannot access, reach or inspect. What is important here is "Relevant users will not be able to enter these storage areas and cannot take any action on the personal data contained therein. In certain parts of the storage/storage/archive areas, deletion can be carried out by keeping them in locked areas that cannot be accessed by anyone other than the archive/storage responsible.- Office files located on the central server are deleted by deleting the file with the delete command in the operating system or by removing the access rights of the relevant user on the file or the directory where the file is located.- Personal data on removable media (for example, data on flash-based storage media) should be stored encrypted and deleted using software suitable for these media.- Personal data in the databases are deleted with database commands (DELETE, etc.) of the relevant rows/columns or cells in the table.Destruction of Personal Data- Destruction of personal data on local systems is achieved through de-magnetization (exposing the media to a high magnetic field by passing it through a special device), physical destruction (melting, burning media and magnetic media, using shredders) and overwriting.- Destruction of personal data on peripheral systems; Network devices (switch, router, etc.), Flash-based media/hard disks (ATA "SATA, PATA etc.", SCSI "SCSI Express etc.), magnetic tape, magnetic disk etc. units, Mobile phones (Sim card and fixed memory areas), Data recording media are removable or fixed, peripheral units such as printers and fingerprint door access systems, Environmental recording systems that we can refer to as optical disks, digital media, if supported as a product feature, can be destroyed. If digital media is not supported as a product feature, use the destruction method recommended by the manufacturer or one or more of the appropriate methods specified as "demagnetization, physical destruction, overwriting", and finally, if it is not digital media, "demagnetization" ", it must be destroyed by using one or more of the appropriate methods such as physical destruction, overwriting.- Since the personal data contained in paper and microfiche media are permanently and physically written on the medium, the destruction process is carried out by destroying the main medium containing these data.- Personal data in the cloud environment is encrypted and stored, and when the destruction time comes, the destruction command is applied.Anonymization of Personal Data- Anonymization is achieved by removing the basic identifying information (e.g. name, surname, TR ID number) that enables the identification of the data owner through the masking method.- With the aggregation method, personal data is extracted in a way that cannot be associated with any individual (e.g., more job applications come from people between the ages of 25 and 30) and anonymization is carried out.- With the Data Derivation method, anonymization is achieved by creating a more general content than the content of personal data and in a way that personal data cannot be associated with a person in any way (e.g. writing age instead of dates of birth).Anonymization Methods That Do Not Provide Value Irregularity- No changes, additions or subtractions are made to the values of the data; instead, they are anonymized by making changes to all the rows or columns in the set. Thus, while the overall data changes, the values in the fields are ensured to maintain their original state.Removing Variables: It is an anonymization method provided by completely deleting one or more of the variables from the table.Removing Records: By removing a row containing a singularity in the dataset, anonymization is strengthened and the possibility of making assumptions about the dataset is reduced.Regional Obfuscation: To make the dataset more secure and reduce the risk of predictability, the value is changed to "unknown" if the combination of values ​​of a particular record is likely to cause it to become distinguishable.Generalization: It is the process of converting the relevant personal data from a specific value to a more general value. The new values obtained with this method show the total values or statistics of a group that makes it impossible to reach a real person.Lower and Upper Bound Coding: Generally, the lower or higher values of a certain variable are collected together and a new definition is made to these values.Global Coding: It is an anonymization method in the form of grouping used in data sets where it is not possible to apply lower and upper bound coding, do not contain numerical values, or have values that cannot be numerically sorted.Sampling: Instead of the entire data set, a subset taken from the set is disclosed or shared. Thus, the risk of producing accurate predictions about individuals is reduced.Anonymization Methods Providing Value Irregularity- Existing values are anonymized by changing the values of the data set, creating distortion. Even if the values in the data set are changing, you can still benefit from the data by ensuring that the total statistics are not distorted.- Micro Joining: All records in the data set are first arranged in a meaningful order and then the whole set is divided into a certain number of subsets. Then, the value of that variable of the subset is averaged by averaging the value of each subset of the specified variable. value. Thus, the average value of that variable valid for the entire data set will not change.- Data Exchange: Record changes obtained by exchanging the values of a variable subset between pairs selected from the records. This method is basically used for variables that can be categorized, and the main idea is to transfer the values of the variables between the records belonging to individuals. It is the anonymization of the database by changing the- Adding Noise: It is anonymized by making additions and subtractions to provide distortions to a specified extent in a selected variable. This method is mostly applied to data sets containing numerical values. The distortion is applied equally at each value.Statistical Methods to Enhance Anonymization-In anonymized data sets, as a result of the combination of some values in the records with singular scenarios, the possibility of identifying the identities of the people in the records or deriving assumptions about their personal data may arise. For this reason, by minimizing the singularity of the records in the data set by using various statistical methods in anonymized data sets "Anonymity can be strengthened. The main purpose of these methods is to minimize the risk of anonymity being compromised while keeping the benefit from the data set at a certain level.–K-Anonymity: It is an anonymization statistical method developed to prevent the disclosure of information specific to individuals with unique characteristics in certain combinations, by identifying more than one person with certain fields.–L-Diversity: It was formed through studies carried out on the shortcomings of K-Anonymity. In this method, the diversity created by sensitive variables corresponding to the same variable combinations is taken into account. For example, although K-anonymity is applied by anonymizing the name, surname or identity number of individuals, postcode, age and "Since ethnic origin information has been shared, there is a possibility that it can be detected. By anonymizing this information with the masking method, the guessing power of the user with external information has been reduced.–T-Closeness: Although the L-diversity method provides diversity in personal data, there are situations where it cannot provide adequate protection because the method in question does not deal with the content and sensitivity of personal data. In this state, the degree of closeness of personal data and values is calculated and the data set is The process of anonymizing the data by dividing them into subclasses according to their degree of closeness is called the T-proximity method.-In this context, institutions' decisions to anonymise at their own discretion should be investigated whether there is a risk of the anonymised personal data being reversed through various interventions and the anonymised data becoming identifiable again and distinguishing real persons, and action should be taken accordingly.

TITLES, UNITS AND JOB DESCRIPTIONS OF THOSE INVOLVED IN THE PROCESSES OF STORING AND DESTROYING PERSONAL DATA

Personnel Unit Job Description
Title
Unit
Job Description
Archive Manager
Human Resources
Destruction of personal data.
Lawyer
Legal Office
Receiving the requests of the relevant persons, checking their compliance with the procedure and answering the request.
Authorized Personnel
Information Technologies
Ensuring that the processes within its scope comply with the retention period, managing the periodic destruction process, carrying out the necessary audits and controls to respond to the requests of the relevant persons, the destruction process of personal data in the electronic environment.
Human Resources Personnel
Human Resources
Ensuring that the processes within its scope comply with the retention period and managing the personal data destruction process in accordance with the periodic destruction period.
OHS Personnel
Human Resources
Ensuring that the processes within its scope comply with the retention period and managing the personal data destruction process in accordance with the periodic destruction period.
7. TABLE ON STORAGE AND DISPOSAL PROCESS AND PERIODSThe storage periods recommended under this heading are stated taking into account the general statute of limitations, the period during which the legal relationship with the relevant persons will continue, the period during which TGA's legitimate interest remains valid in accordance with the law and the rules of honesty, and the period during which personal data can continue to be up-to-date. Specific to the sector in which TGA operates. The periods accepted as customary in the industry should be evaluated separately. Personal data within the TGA is stored for the period specified in this legislation, if it is foreseen in the relevant legislation. If the purpose of processing personal data has ended and the storage period determined by the relevant legislation and the TGA has come to an end, personal data may be subject to possible legal disputes. to meet the legal demands of authorized public institutions and organizations or to assert the relevant right related to personal data.Processed personal data is stored for the periods specified in this Policy, starting from the end of the activity or process performed. Storage periods are divided into two: deletion time and destruction time.Deletion refers to the process of making personal data inaccessible and unusable for the relevant users in any way.Relevant user refers to the persons who process personal data within the data controller organization or in line with the authorization and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.Destruction means making personal data inaccessible, irretrievable and unusable by anyone. Stored/backed up personal data is destroyed after certain periods of time.Anonymization means making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.Deleted personal data, within the period until the time of destruction;– Resolving possible legal disputes,– Meeting the lawful demands of authorized public institutions and organizations,– Ability to assert a right based on personal databacked up for the following purposes. Backed up personal data is not accessed for any other purpose.