MARMARIS BUNKER PETROLEUM MARITIME TRADE JOINT STOCK COMPANY (FATIH SULTAN MAH. 2700 CAD. ARP KULE BLOK NO: 3 INNER DOOR NO: 35 ETIMESGUT/ANKARA) DESTRUCTION POLICY REGARDING THE DELETION, DISPOSAL, AND ANONYMIZATION OF PERSONAL DATA
1. Purpose of the Destruction Policy
The purpose of this Destruction Policy (hereinafter referred to as the “Policy”) is to explain in detail the procedures and principles regarding the deletion, destruction, or anonymization of personal data processed in accordance with the Personal Data Protection Law No. 6698 (“Law”), in cases where the conditions for processing personal data specified under Articles 4, 5, and 6 of the Law cease to exist, pursuant to the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28/10/2017. Such procedures shall be carried out ex officio or upon the request of the data subject by MARMARIS BUNKER PETROLEUM MARITIME TRADE JOINT STOCK COMPANY (Fatih Sultan Mah. 2700 Cad. Arp Kule Blok No: 3 Inner Door No: 35 Etimesgut/ANKARA) (hereinafter referred to as “Marmaris Bunker”).
2. Definitions
Recipient Group: Real or legal persons to whom personal data is transferred by the data controller.
Explicit Consent: Consent that is related to a specific subject, based on information, and declared with free will.
Anonymization: Rendering personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Employee: Natural persons contractually employed by our Company.
Electronic Environment: Environments where personal data can be created, read, modified, and written using electronic devices.
Non-Electronic Environment: All written, printed, visual, and similar media other than electronic environments.
Service Provider: Real or legal persons providing services to our Company within the scope of a contractual relationship.
Relevant Person: The natural person whose personal data is processed.
Destruction: Deletion, destruction, or anonymization of personal data.
Law: Personal Data Protection Law No. 6698.
Recording Environment: Any environment where personal data processed fully or partially by automated means or non-automated means as part of a data recording system is stored.
Personal Data: Any information relating to an identified or identifiable natural person.
Personal Data Processing Inventory: An inventory prepared by data controllers detailing personal data processing activities carried out depending on business processes; associated with purposes of processing, data categories, recipient groups, and data subject groups; including maximum retention periods, transfers abroad, and security measures regarding data protection.
Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data by fully or partially automated means or non-automated means provided that it is part of a data recording system.
Board: Personal Data Protection Board.
Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and attire, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Periodic Destruction: The deletion, destruction, or anonymization process carried out ex officio at recurring intervals specified in the personal data retention and destruction policy when all conditions for processing personal data under the Law cease to exist.
Policy: Personal Data Retention and Destruction Policy.
Data Processor: Real or legal persons processing personal data on behalf of the data controller based on the authority granted by the data controller.
Data Recording System: A recording system where personal data is processed according to specific criteria.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Controllers Registry Information System: The information system accessible over the internet, established and managed by the Authority, used by data controllers for applications and related transactions concerning the Registry (VERBIS).
Regulation: The Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017.
