ManpowerGroup Turkey Personal Data Storage And Disposal Policy

MANPOWERGROUP TURKEY PERSONAL DATA STORAGE AND DISPOSAL POLICY

PART ONE         

GENERAL PROVISIONS

Article 1    Objective

The objective of this Policy is to set forth the principles and procedures regarding the processing and protection of personal data as well as the deletion, disposal and anonymization of such processed personal data by ManpowerGroup Turkey in compliance with the applicable legislations, which constitute the legal basis of this Policy.

Article 2    Scope

The scope of applicability of this Policy encompasses the personal data of the staff members, staff member candidates, officers and visitors of ManpowerGroup Turkey, and the employees and the officers of the third parties, with whom ManpowerGroup Turkey cooperates, as well as any other third party, which are processed fully or partially automatically or through non-automatic means as a part of any data recording system.

Accordingly; the groups of data owners mentioned above may be subject to the applicability of the entirety or only certain provisions of this Policy.

Article 3    Legal Basis

This Policy has been issued on the basis of the Code No. 6698 on the Protection of Personal Data, the Regulation No. 30286 on the Registry of Data Controllers, and the Regulation No. 30224 on the Deletion, Disposal or Anonymization of Personal Data.

The applicable legislations in force shall be attached priority in terms of applicability in respect of the processing, protection and disposal of personal data. ManpowerGroup Turkey hereby agrees that, in the event of any conflict between the applicable legislations and this Policy, the applicable legislations in force shall be applicable.

Article 4    Definitions  

The following terms shall have the meanings set forth below for the purpose of the enforcement of this Policy;

a) Recipient group: The group of natural persons or legal entities, to whom the personal data are transferred by the data controller;

b) Concerned user: Any person, who processes personal data as a part of the data controller's organization or in accordance with the powers delegated and instructions placed by the data controller, except for any person or unit, who or which is responsible for the storage, protection and back-up, technically, of data;

c) Disposal: The deletion, disposal or anonymization of personal data;

d) Code: Code No. 6698 on the Protection of Personal Data;

e) Recording media: Any medium, where the personal data are processed fully or partially automatically or through non-automatic means as a part of any data recording system.

f) Personal data: Any information or data that is related to an identified or identifiable natural person;

g) Personal data owner: The natural person, whose personal data are processed;

h) Processing of personal data: Any operation, which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system;

i) Personal data processing inventory: The inventory, which is created by the data controllers by way of the association of the personal data processing activities that are carried out thereby with the purposes of processing of personal data, the data categories, the recipient groups and the groups of persons, being the subject matter of the data, and within which the maximum duration as necessary for the purposes, for which the personal data are processed, the personal data, which are contemplated to be transferred to foreign countries, and the precautions taken in respect of data security are detailed and described thereby;  

j) Board: The Personal Data Protection Board;

k) Authority: The Personal Data Protection Authority;

l) Personal data of private nature: The data related to the persons' race, ethnic origin, political view, philosophic belief, religion, sect or other beliefs, appearance and dressing, affiliation to associations, foundations or trade unions, health, sexual life, conviction and safety precautions as well as biometric and genetic data;

m) Periodical disposal: The deletion, disposal or anonymization, which shall be conducted automatically on a periodical and recurrent basis as specified within the personal data storage and disposal policy in the cases, where all of the requirements for the processing of personal data as set forth within the Code cease to be satisfied;

n) Policy: This Policy, on which the data controllers base the identification of the maximum period of time as necessary for the purpose, for which the personal data are processed, and the deletion, disposal and anonymization of the personal data;

o) Registry: The registry of data controllers that is maintained by the Personal Data Protection Board;

p) Data processor: Any natural person or legal entity, who or which processes personal data on behalf of the data controller on the basis of the power delegated thereby;

p) Data recording system: Any recording system, through which personal data are processed by structuring according to specific criteria;

r) Data controller: A natural person or legal entity, who or which determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the filing system.

Any term not defined herein shall have the meaning that is ascribed thereto within the Code.

PART TWO     PRINCIPLES APPLICABLE FOR MANPOWERGROUP TURKEY

Article 5     Disclosures to and Information of the Personal Data Owner

ManpowerGroup Turkey makes disclosures to the personal data owners during the collection of personal data. Accordingly; ManpowerGroup Turkey shall disclose to the personal data owner the purposes, for which the personal data are to be processed, the parties, to whom the processed data are to be transferred, and the purpose of such transfers, the method of collection of personal data and the legal reasons for the same as well as the rights of the personal data owner as provided by the Code.

The rights of the personal data owner also include the right to "request information". ManpowerGroup Turkey shall inform the personal data owner as necessary and appropriate should the personal data owner so request.

ManpowerGroup Turkey declares to the personal data owners and the concerned parties by way of various public documents, primarily including this Policy, that it processes personal data in compliance with the law and the principle of integrity, and ensures that the concerned parties are informed as appropriate in respect and through the course of the personal data processing activities, and accordingly, ensures accountability and transparency.

Article 6    Protection of the Rights of Personal Data Owners

ManpowerGroup Turkey maintains the channels, internal operation, administrative and technical regulations as necessary in compliance with the Code for the assessment of the personal data owners and the information as necessary of the personal data owners.

In the event any personal data owner files a request with ManpowerGroup Turkey regarding any of the rights thereof as provided below; ManpowerGroup Turkey shall meet such request as soon as practicable depending on the nature of request but in any case not later than 30 days. In the event the actions to be taken in order to meet any such request require any extra or additional cost, ManpowerGroup Turkey shall charge the fee as per the rate tariff set forth by the Board. Personal data owners have the right to:

  • Learn whether or not the respective personal data of the relevant personal data owner have been processed;
  • Request information as to processing if the respective personal data of the relevant personal data owner have been processed;
  • Learn the purpose of processing of the respective personal data of the relevant personal data owner and whether data are used in accordance with their purpose;
  • Know the third parties based at home or in abroad, to whom the respective personal data of the relevant personal data owner have been transferred;
  • Request notification of the operations performed as a consequence of such requests as rectification, deletion and disposal to third parties to whom the respective personal data of the relevant personal data owner have been transferred, in the cases where the respective personal data of the relevant personal data owner have been processed incompletely or inaccurately;
  • Request the respective personal data of the relevant personal data owner to be deleted or disposed in the event the reasons that may have required the processing of the respective personal data of the relevant personal data owner in spite of the fact that they have been processed in compliance with the Law and other applicable laws and regulations, and request notification of the relevant operation to third parties to whom the respective personal data of the relevant personal data owner have been transferred;
  • Object to occurrence of any result that is to her/his detriment by means of analysis of the respective personal data of the relevant personal data owner exclusively through automated systems;
  • Request compensation for the damages in case the person incurs damages due to unlawful processing of the respective personal data of the relevant personal data owner.

In order to exercise their respective rights provided above, the personal data owners should communicate their requests to ManpowerGroup Turkey "in writing" or by way of the other methods contemplated by the Code. The Board has not specified any other method yet, on which account the personal data owners are, currently, required to file their requests in writing.

In the event the data owners also deliver their personally identifiable information to ManpowerGroup Turkey while filing and along with the filing of their requests in writing, they shall be responded rapidly and effectively. In the event any data owner requests to exercise any of her/his respective rights as mentioned above, s/he may send or deliver such written in writing along the documents that allow for the identification of herself/himself to the head office of ManpowerGroup Turkey, which is situated at Mecidiyekoy Mah. Oguz Sok. Rönesans Mecidiyeköy Plaza NO: 4 K: 1 Şişli/ Istanbul by hand, through the agency of a notary public or in secure electronically signed format.

Article 7    Recording Medium Where Personal Data Are Stored and Are to Be Disposed

Any medium, where the personal data, which have been obtained by ManpowerGroup Turkey and which are processed fully or partially automatically or through non-automatic means as a part of any data recording system, are stored, is considered and referred to as a recording medium. Any and all personal data that are held by and in the possession of ManpowerGroup Turkey are kept and stored on the respective systems thereof, which are mentioned below and the security of which is ensured in the maximum extent.

The personal data of the data owners are stored securely by Manpower in the media listed below in compliance with the applicable legislations in force, primarily including the provisions of the CPPD, and in accordance with the international data security principles.

Electronic media:

• Exchange Server

• ROMA

• Ms Dynamics

• Ms Office 365

Physical media:

• Cabinets of each unit

• Archiving

Article 8    Security of Personal Data

    Considering the business operations carried out thereby, ManpowerGroup Turkey attaches the utmost importance and priority to the protection of personal data.  ManpowerGroup Turkey takes any and all legally, technically and administratively required precautions in order to ensure and maintain data security, and acts with the utmost care and in the utmost diligence on the matter.

    The staff members of ManpowerGroup Turkey have been informed that they shall not disclose any personal data, which they may learn or obtain, to others in breach of the applicable provisions of the Code, and that they shall not make use of such data for any other purpose than the intended and specified purpose of processing of the same, and that the said obligations thereof shall remain in full force and effect even after their resignation or dismissal from their position within the organization of ManpowerGroup Turkey, and their warranties on the mentioned matters have been obtained as necessary and appropriate.

    ManpowerGroup Turkey also raises the awareness of its business partners, suppliers and the like third parties in respect of the prevention of the unlawful processing of personal data, the prevention of unlawful access to personal data and the storage of the personal data in compliance with the applicable law. The processing, protection and storage of personal data also by and at the counters of the third parties, with whom ManpowerGroup Turkey maintains business relations, have been arranged and regulated on contractual basis with such third parties, and the reason for the processing of such personal data has been accorded with the operations carried out with the third parties.

    ManpowerGroup Turkey conducts any and all required audits and procures the same to be conducted within its own organization. In the cases, where it is established as a result of the audits conducted that the precautions taken should be improved; ManpowerGroup Turkey promptly takes the necessary actions.

    In the event the personal data are captured and/or obtained through illegal or unlawful means by others in spite of the taking of all general, technical and administrative precautions specified below; ManpowerGroup Turkey fulfills its obligation to notify the respective data owner and the Board of such incident as soon as practicable.  

Article 9    General Precautions to Be Taken in Order for the Secure Storage and the Prevention of Unlawful Processing of and Illegal Access to the Personal Data

The personal data are processed by ManpowerGroup Turkey in strict compliance with the principles and procedures provided by the Code and the other applicable legislations. ManpowerGroup Turkey observes the following principles through the course of its processing of personal data:

a) Compliance with the law and the principles of honesty

ManpowerGroup Turkey acts in compliance with the guidelines contemplated by the applicable legislations regarding the processing of personal data and the principles of honesty. Giving due consideration to the requirements of proportionality with regards to the processing of personal data, ManpowerGroup Turkey avoids using the personal data in any such extent that is beyond the achievement of the relevant purpose.

b) Accuracy and, where necessary, currency,

ManpowerGroup Turkey takes into consideration the fundamental rights and interests of the personal data owners, and ensures the accuracy and currency of the personal data processed thereby. To that end, ManpowerGroup Turkey also takes the necessary and appropriate precautions.

c) Processing of data for specific, clear and legitimate purposes,

ManpowerGroup Turkey identifies and sets forth its purposes of processing personal data, which are specific, clear and legitimate, and processes personal data in connection with and only in such limited extent that is necessitated by the services provided thereby. ManpowerGroup Turkey sets forth and declares the purposes of processing of personal data prior to the commencement of such processing.

d) Relation to the purpose of processing, limitedness and proportionality of the data processed

ManpowerGroup Turkey processes personal data in such manner that is sufficient and convenient for the accomplishment of the purposes identified and set forth. Accordingly, ManpowerGroup Turkey avoids processing such personal data that are not related to the accomplishment of the purpose of processing of personal data or that do not need to be processed for such purpose.

e) Retention for the period as prescribed by the applicable regulations or as necessary for the relevant purpose of processing.

ManpowerGroup Turkey retains the personal data for such period that is prescribed by the applicable regulations or is necessary for the relevant purpose of processing. Accordingly; ManpowerGroup Turkey observes the period that is prescribed by the applicable regulations for the retention of personal data if any such period is prescribed, and if any such period has not been prescribed by the applicable regulations, it retains the personal data for such period that is necessary for the processing of the same. Once the prescribed period expires or in the event the processing of the personal data is no longer required;, the personal data are deleted, disposed or anonymized by ManpowerGroup Turkey.    

Article 10    Technical and Administrative Precautions to Be Taken in Order for the Secure Storage and the Prevention of Unlawful Processing of and Illegal Access to the Personal Data

ManpowerGroup Turkey is aware that it is obliged to take any and all technical and administrative precautions as necessary to ensure the appropriate level of security in order to

Prevent the unlawful processing of the personal data,

Prevent the unlawful access the personal data, and

Ensure the protection of the personal data,

and acts with the utmost care and in the utmost diligence in that regards.

In the event any personal data held in the possession of ManpowerGroup Turkey is processed by any other natural person or legal entity; ManpowerGroup Turkey shall be jointly responsible with such person or entity in respect of the taking of the precautions specified above.

As a matter of fact; ManpowerGroup Turkey is aware that it is obliged to conduct any and all such audits as necessary to ensure the enforcement as appropriate of the Code and the relevant legislations and to procure the conduct of such audits, and takes necessary actions to that end.

Article 11    Titles, Units and Job Descriptions of ManpowerGroup Turkey's Officials, Who Are Involved in the Storage and Disposal of Personal Data

The titles, units and job descriptions of the staff members, who are involved in the storage and disposal of personal data, are available within ANNEX-1 to this Policy. The persons, whose details are provided within the schedule, shall unfailingly fulfill any and all duties and obligations through the courses of the storage and disposal of personal data.

PART THREE         PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

Article 12    Requirements for the Processing of Personal Data

The processing of personal data requires the explicit consent of the person, whose data are intended to be processed. Explicit consent is only one of the legal requirements for the processing of personal data. Apart from the explicit consent, personal data may be processed in the event of the occurrence of any one or several events.  ManpowerGroup Turkey may process the personal of a person without the explicit consent of such person in the event of the satisfaction of any one or several of the following requirements.

a) Explicit consent: The explicit consent of the owner of the personal data should be declared as a result of an informed decision and with the free will of the concerned person. Accordingly; ManpowerGroup Turkey shall obtain the explicit consent of the owner of the personal data for the processing of the respective personal data thereof.

b) Explicit contemplation by applicable laws: In the event the processing of the personal data of the data owner may be processed lawfully by ManpowerGroup Turkey should such processing be contemplated explicitly by applicable laws.

c) Failure to obtain the explicit consent of the concerned person on account of actual impracticability: In the cases, where it is strictly obligatory for the processing of the data of a person, who is physically unable or incapable to express her/his consent or whose consent is legally not considered valid, in order for the protection of the life or physical integrity of such person or any other individual; the personal data of such data owner may be processed. For example; ManpowerGroup Turkey may disclose the blood type of a staff members thereof, who has an heart attack, to the physicians.

d) The processing of personal data being directly connected to the execution or the performance of a contract: The personal data of the parties of a contract may be processed, provided that such processing is directly connected to and necessary for the execution or the performance of a contract.

e) ManpowerGroup Turkey's fulfillment of its legal obligations: In the cases, where the processing of data represents a strict requirement for ManpowerGroup Turkey to fulfill the respective legal obligations thereof, the personal data of the data owner may be processed.

f) Disclosure to public by data owner of her/his personal data: In the cases, where the data owner discloses her/his personal data to the public; such personal data may be processed.

g) The processing of data representing a strict requirement for the creation, exercise or the protection of a right: In  the cases, where the processing of data represents a strict requirement for the creation, exercise or the protection of a right; the personal data of the data owner may be processed.

h) The processing of data representing a strict requirement for the preservation and maintenance of the legitimate interests of ManpowerGroup Turkey: In the cases, where the processing of data is strictly required to preserve and maintain the legitimate interests of ManpowerGroup Turkey; ManpowerGroup Turkey may process the personal data provided that the fundamental rights and freedoms of the data owner not be prejudiced.

Article 13    Requirements for the Processing of the Personal Data of Private Nature

ManpowerGroup Turkey does not process the personal data of private nature without the explicit consent of the owners of such personal data. The personal data of private nature other than those, which are related to health and sexual life, may be processed without seeking the explicit consent of the concerned person. The data related to health and sexual life may be processed without the explicit consent of the concerned person only by such persons or competent authorities, who or which are bound by confidentiality obligation, for the purpose of the protection of public health, preventive medicine, medical diagnosis, performance of treatment and healthcare services and the planning and management of healthcare services and the financing of the same.

In respect of the processing of personal data of private nature; ManpowerGroup Turkey also takes such required precautions that are identified and set forth by the Board.

Article 14    Transferring Personal Data

ManpowerGroup Turkey transfers the personal data and the personal data of private nature of the owners of the personal data to third parties with due consideration of the nature of its business operations carried out thereby, provided that it takes the appropriate security precautions required by the Code and the applicable legislations in line with the purposes of processing of personal data.

ManpowerGroup Turkey also transfers personal data to such foreign countries, which have been declared by the Board to have adequate protection, ("Foreign Country with Adequate Protection") or to such foreign countries, where adequate protection is not in place but in respect of which the data controllers in Turkey and in the such foreign countries have warranted to ensure adequate protection and transfer of personal data to which has been authorized by the Board, ("Foreign Country Where Data Controller Warranting Adequate Protection Resides"). In that regards, ManpowerGroup Turkey acts in compliance with the requirements of the Code.

Article 15    Data Processing Activities at the Entrance to and Inside the Workplace and Website Visitors

    ManpowerGroup Turkey conducts video surveillance in order to ensure workplace safety and carries out personal data processing activities in order to monitor the entrances and exits by the guests at the ManpowerGroup Turkey's workplaces. By way of conducting video surveillance and keeping logs of entrances and exits of guests, ManpowerGroup Turkey is deemed to carry out personal data processing activities. Through the course of such processing of personal data, ManpowerGroup Turkey acts in compliance with and observes the requirements of any and all applicable acts, codes and legislations, primarily including the Constitution.

    ManpowerGroup Turkey conducts video surveillance at the workplace for the purposes of improving the quality of the services offered thereby, ensuring and maintaining the security of the visitors of ManpowerGroup Turkey and other relevant persons and protecting the interests of the visitors in relation to the services procured thereby.

    The footages of such video surveillance, which are recorded and stored digitally within the organization of ManpowerGroup Turkey, are accessible only by a limited number of ManpowerGroup Turkey staff members. Live footage of the video surveillance can be viewed externally by the security guards of the contracted external security service provider. The limited number of ManpowerGroup Turkey staff members, who may access to the video surveillance footage, represent under the deed of confidentiality that they shall maintain the confidentiality of the data accessed thereby.

    Such personal data as the full names of the persons, who visit the workplaces of ManpowerGroup Turkey as guests, are obtained for the purpose of the monitoring of entrances and exits of the guests, on which account the said data are processed or the relevant personal data are recorded to the data recording system in a physical medium solely for the specified purposes. The records of the guests are kept by the security guards of the contracted external security service provider of ManpowerGroup Turkey. The contracted external security service provider is procured to submit a representation suggesting that it shall maintain the confidentiality of the data of the guests, which are accessed thereby.

PART FOUR     PRINCIPLES REGARDING THE DELETION, DISPOSAL OR ANONYMIZATION OF PERSONAL DATA

Article 16    Principles Regarding the Deletion, Disposal or Anonymization of Personal Data

In the cases, where all of the requirements for the processing of personal data as specified within Article 12 and Article 13 cease to be satisfied; ManpowerGroup Turkey fulfills its obligations for regarding the deletion, disposal or anonymization of personal data either on its own motion or upon the request of the concerned person.

ManpowerGroup Turkey acts in compliance with the general principles and the technical and administrative precautions specified within Article 9 and Article 10 of this Policy, the provisions of the applicable legislations, the resolutions of the Board and the personal data storage and disposal policy through the course of deletion, disposal and anonymization of personal data.

Records of any and all actions taken in respect of the deletion, disposal and anonymization of personal data by ManpowerGroup Turkey shall be kept, and are retained for a period not shorter than three years except for the cases where legal obligations require otherwise.  

Unless resolved otherwise by the Board, ManpowerGroup Turkey, acting at its discretion, shall delete, dispose of or anonymize the personal data as it deems appropriate on its own motion. ManpowerGroup Turkey shall select the appropriate action, whether that be deletion, disposal or anonymization, by way of explaining its reasoning for such selection upon the request of the concerned person.

Article 17    Deletion of Personal Data

Deletion of personal data is the action of rendering the personal data strictly and conclusively inaccessible and non-reusable by relevant users. ManpowerGroup Turkey takes any and all technical and administrative precautions as necessary and appropriate to render the deleted personal data strictly and conclusively inaccessible and non-reusable.

Article 18    Disposal of Processing of Personal Data

    Disposal of personal data is the action of rendering the personal data strictly and conclusively inaccessible, non-retrievable and non-reusable by relevant users. ManpowerGroup Turkey takes any and all technical and administrative precautions as necessary and appropriate in respect of the disposal of personal data.

Article 19    Anonymization of Personal Data

    The anonymization of personal data is the action of modification of the nature of personal data in such manner that they can no longer be associated to an identified or identifiable natural person even by way of matching with other data. The anonymization of personal data requires the modification of the nature of the personal data in such manner that it can no longer be associated to an identified or identifiable natural person even by way of the employment by the data controller, the recipient or the recipient groups of such techniques as restoration or matching with other data that are suitable for the recording medium and the relevant field of activity.

ManpowerGroup Turkey takes any and all technical and administrative precautions as necessary and appropriate in respect of the anonymization of personal data.

Article 20    Methods to Be Employed for the Deletion, Disposal or Anonymization of Personal Data

    ManpowerGroup Turkey shall delete, dispose of and/or anonymize the personal data held in its possession by way of employing the methods set forth below.

a) Cloud Application Solutions (Office 365, etc.)

ManpowerGroup Turkey shall delete the data stored in cloud applications by way of issuing a delete command. While issuing such command, ManpowerGroup Turkey shall particularly make sure that the relevant user does not have the authority to retrieve deleted data through the cloud system.

b) Personal Data Stored in Printed Form

ManpowerGroup Turkey shall delete the data stored in printed form by way of blanking. Blanking is performed by way of trimming, where practicable, of the personal data on the relevant document or, where trimming is not practicable, by way of rendering such data invisible for the relevant user through the employment of indelible ink in such matter that such application cannot be undone and the content so blanked cannot be read by way of technological solutions.

c) Office Files Stored on the Central Server

The file should be deleted by way of issuing a delete command on the operating system or the access authorization of the relevant user on the file or the directory, on which such file is kept, should be revoked. While taking such action, ManpowerGroup Turkey shall make sure that the relevant user is not also a system administrator.

d) Personal Data Stored on Portable Media

ManpowerGroup Turkey stores the personal data on flash-based storage media in encrypted form, and shall delete the same, using suitable software for such media.

e) Databases

ManpowerGroup Turkey shall delete the relevant lines that contain personal data by way of issuing the appropriate database commands (DELETE etc.). While taking such action, ManpowerGroup Turkey shall make sure that the relevant user is not also a database administrator.

Article 21    Periods for the Deletion, Disposal or Anonymization of Personal Data

ManpowerGroup Turkey deletes, disposes of or anonymizes the personal data as a part of the first immediate periodical disposal action that follows the date, on which the obligation to delete, dispose of or anonymize the personal data arises.

The period for the deletion, disposal or anonymization of personal data by ManpowerGroup Turkey is 30 days as of the date, on which the obligation to delete, dispose of or anonymize the personal data arises. Such period may be extended by no longer than 30 days in imperative situations.

ManpowerGroup Turkey agrees that the Board may shorten the specified periods in the event of the possibility of the occurrence of irreparable losses and damages and the occurrence of unlawfulness.

Article 22    Data Owner's Request for the Deletion and Disposal of the Personal Data Thereof

The Data Owner shall file her/his requests for the enforcement of the Code with ManpowerGroup Turkey in writing or by other methods that the Board may specify.

ManpowerGroup Turkey shall meet such request as soon as practicable depending on the nature of request but in any case not later than 30 days. However; In the event the actions to be taken in order to meet any such request require any extra or additional cost, ManpowerGroup Turkey may charge the fee as per the rate tariff set forth by the Board.

ManpowerGroup Turkey shall either accept any such request or reject the same, stating the reasons for such rejection, and communicate its reply to the concerned person in writing or electronically. In the event the request filed is accepted, ManpowerGroup Turkey shall take the appropriate action for the satisfaction of such request. In the cases, where the request is filed on account of a fault or negligence of ManpowerGroup Turkey; the fee charged shall be refunded.

Article 23    Periods for Deletion and Disposal of Personal Data upon Request by the Data Owner

In the event the Data Owner files a request with ManpowerGroup Turkey on the basis of Article 22 of the Policy for the deletion or disposal of her/his personal data;

a) If all of the requirements for the processing of personal data have ceased to be satisfied, ManpowerGroup Turkey shall delete, dispose of or anonymize the personal data, being the subject matter of the relevant request. ManpowerGroup Turkey shall, in that case, conclude the actions for the satisfaction of the request of the concerned person within not later than 30 days, and inform the concerned person on the matter.

b) If all of the requirements for the processing of personal data have ceased to be satisfied and the personal data, being the subject matter of the relevant request, have been transferred to third parties; ManpowerGroup Turkey shall notify the relevant third party of such request, and shall procure the necessary action under the Regulation on the Deletion, Disposal or Anonymization of Personal Data to be taken at the counters of the relevant third party.

c) If all of the requirements for the processing of personal data have not ceased to be satisfied; ManpowerGroup Turkey may reject such request, explaining the reasons for such rejection, under Article 22/3 of this Policy, and the rejection shall be communicated to the concerned Data Owner in writing or electronically within not later than 30 days.  

PART FIVE     MISCELLANEOUS

Article 24    Effectiveness

This Policy is issued and brought into force on December 28, 2017. This Policy is published on the website of ManpowerGroup Turkey, and is made available for access of the owners of the personal data upon their request.  

Article 25    Acknowledgment and Covenant

A copy of this Policy shall be delivered to the Data Controller and each staff member of ManpowerGroup Turkey. The Data Controller should sign the "Acknowledgment and Covenant for Personal Data Storage and Disposal Policy", which is set forth within Annex-3 hereto, and shall, upon such signing, be binding over the Data Controller, and deliver it to ManpowerGroup Turkey; and each staff member of ManpowerGroup Turkey should sign the "Acknowledgment and Covenant for Personal Data Storage and Disposal Policy", which is set forth within Annex-3 hereto, and shall, upon such signing, be binding over the concerned staff member, and deliver it to ManpowerGroup Turkey. The Acknowledgment and Covenant shall, upon being signed, be binding over the Data Controller and the concerned staff member of ManpowerGroup Turkey.

Article 26    Miscellaneous Matters

This Policy supersedes any and all previously adopted and enforceable regulations on the storage and disposal of data and the schedules thereto.

Annex-1

LIST OF TITLES, UNITS AND JOB DESCRIPTIONS

STAFF MEMBER POSITION RESPONSIBILITY

Nazan Bayraktar

Operational Excellence Manager

Data Controller Ensuring the compliance of the processes, which fall to the scope of responsibility thereof, with the required storage periods and management of personal data disposal process in accordance with the periodical disposal requirements

Behçet Mutlubaş

Human Resources Manager

Human Resources Department - Responsible for the implementation of the personal data storage and disposal policy Ensuring the compliance of the processes, which fall to the scope of responsibility thereof, with the required storage periods and management of personal data disposal process in accordance with the periodical disposal requirements

Zeynep Balbay Dal

Bordro Müdürü

Bordro Department - Responsible for the implementation of the personal data storage and disposal policy Ensuring the compliance of the processes, which fall to the scope of responsibility thereof, with the required storage periods and management of personal data disposal process in accordance with the periodical disposal requirements

Çiğdem Şenler

Finance and Information Technologies Director

Finance, Payroll Department and Information Technologies Department - Responsible for the implementation of the personal data storage and disposal policy Ensuring the compliance of the processes, which fall to the scope of responsibility thereof, with the required storage periods and management of personal data disposal process in accordance with the periodical disposal requirements

Süheyla Kulualp Demir

Operations Director

Operations/ Branches - Responsible for the implementation of the personal data storage and disposal policy Ensuring the compliance of the processes, which fall to the scope of responsibility thereof, with the required storage periods and management of personal data disposal process in accordance with the periodical disposal requirements

Annex-2

TABLE OF RETENTION AND DISPOSAL PERIODS

PROCESS RETENTION PERIOD DISPOSAL PERIOD
Shareholders' Assembly Actions 10 years Within 180 days from the date of expiration of the retention period
Processes on preparation of documents for tenders/ workplace opening/ ministries/undersecretariats 10 years Within 180 days from the date of expiration of the retention period
Replying to inquiries by courts/ enforcement offices in relation to staff members 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Contracts executed with third parties 10 years Within 180 days from the date of expiration of the retention period
Employment 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Payrolling 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Private health and personal accident insurance for staff members 1 years Within 180 days from the date of expiration of the retention period
Allocation of vehicles to staff members 1 years Within 180 days from the date of expiration of the retention period
Occupational health and safety practices 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Recording/ Monitoring Systems 1 years Within 180 days from the date of expiration of the retention period
Information regarding shareholders and directors 10 years Within 180 days from the date of expiration of the retention periodWithin 180 days from the date of expiration of the retention period
Payment transactions 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Staff Financing Processes 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Retention of a section of the contract process and the contract 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Accident Reporting 10 years Within 180 days from the date of expiration of the retention period
Sharing of meeting notes with attendees 10 years Within 180 days from the date of expiration of the retention period
Filing of any kind of documents 10 years Within 180 days from the date of expiration of the retention period
Filing of training logs and records 10 years Within 180 days from the date of expiration of the retention period