PURPOSE OF THE POLICY: This policy has been prepared on the basis of the Regulation on the Deletion, Destruction or Anonymization of Personal Data in order to define our company's approach to managing the storage and destruction of personal data received and processed by our company. DEFINITIONS Destruction: Deletion, destruction or anonymization of personal data Recording medium: Any medium containing personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system Periodic destruction: The process of deletion, destruction or anonymization to be carried out ex officio at recurring intervals specified in the personal data retention and destruction policy in the event that all of the conditions for processing personal data specified in the Law disappear Data recording system: It refers to the recording system in which personal data is structured and processed according to certain criteria. REASONS FOR STORAGE and DISPOSAL, STORAGE and DISPOSAL PERIODS: Our Company securely stores the personal data it processes in physical and/or electronic environments within the retention periods determined by the Personal Data Inventory and publicly announced in VERBIS (Data Controllers Registry) in order to fulfill its legal obligatory activities and commercial activities. In the Personal Data Inventory, the environments in which each personal data is processed, stored and the methods by which it is destroyed are defined. Personal data are stored in accordance with the Personal Data Protection Law No. 6698, Labor Law No. 4857, Occupational Health and Safety Law No. 6331 and all legislation requirements concerning our company activities. In determining personal data retention periods, the legal justification or purpose of processing personal data is taken into account. If personal data is collected and processed in accordance with legal requirements, the retention period is defined in the Personal Data Inventory as the period specified in the relevant legislation. For other data, in accordance with the purpose of processing, periods that will ensure the fulfillment of the relevant activities are determined and defined in the Personal Data Inventory. While retention periods are sometimes defined as "month", "year", for some personal data, they may be defined as ".... At the end of", "until ............". For this reason, for each personal data, a different retention period may apply for the period stipulated in the relevant legislation or required for the purpose for which they are processed. Personal data are stored by taking "Data Security Measures" publicly announced in VERBIS. In addition to administrative measures such as preparing authorization matrix for employees, conducting trainings, making confidentiality agreements with employees and data processors, technical data security measures such as the use of up-to-date antivirus systems, firewall use, backup, encryption, etc. are taken. In the destruction of personal data, according to the method chosen, the process of deletion, destruction, anonymization is carried out in such a way that it is not possible to access, retrieve, use or associate the personal data with the data owner again. Personal data whose retention period has expired are destroyed according to the specified destruction methods and the process is recorded using the Data Destruction Record. These records are kept for at least 3 years. In the storage and destruction of personal data, the responsible persons determined by the "Personal Data Inventory" and "Authorization Matrix and Authorization Management Table for Personal Data" take part. Those who take part in destruction operations are recorded in the Data Destruction Record. Our Company reviews personal data every 3 months (March, June, September and December), identifies the data whose retention period has expired and deletes, destroys or anonymizes personal data in the first periodic destruction process following the date when the obligation to delete, destroy or anonymize personal data arises. This period shall not exceed six months. Personal data owners may request information about their data by using the communication methods in our General Clarification Text on Personal Data. In case this request is for the deletion of personal data: a) If all personal data processing conditions have been eliminated, the personal data subject to the request shall be destroyed. The request of the relevant person is finalized within 30 days at the latest and informed in writing / electronically. b) If all of the personal data processing conditions have been eliminated and the data subject to the request has been transferred to the data processing parties, our company notifies the Data Processor and ensures that the destruction procedures are carried out. c) If not all of the personal data processing conditions have been eliminated, it is rejected by our company by explaining the reason and the rejection response is notified in writing / electronically within 30 days at the latest.