INFORM TEXT ABOUT CUSTOMER PERSONAL DATA

The inform text about this customer's personal data (“Inform text”)has been prepared by Fanset Elektrikli Ev Aletleri San. ve Tic. Ltd. Şti. (“FANSET/company”) as the data officer under the communiqué on the procedures and principles to be followed in the fulfillment of the illumination obligation with Article 10 of the Personal Data Protection Law (“Law”) No. 6698.

We reserve the right to update this disclosure text at any time in accordance with any changes to the applicable legislation and any changes to the purposes for which personal data is processed and transferred and the methods for which it is collected. Follow-up of updates and other detailed information about the processing of your personal data “www.fanset.com” protection and processing of your personal data " can be easily obtained from the title.

Your personal data processed under this inform text is as follows::

ID: * first and last name, * T.C. identification number, Tax Identification Number; Contact: * Phone Number * work address* home address * e-mail address; Finance: *Bank Information, credit card data (if any) *e-billing information; other information: * customer transaction data; * transaction data, legal, * on his website for a transaction log record * information received as part of talks at the call center *online sales at the time of the information received, *data processed by membership activities in case of membership.

(1) Processing of Your Personal Data

For the purposes below, we request your personal data collected by the methods set out in this inform text to enable us to do the necessary work in order to fulfill our legal obligations arising from the relevant legislation. This inform text is not used outside the specified scope, provided that the aims and the text of the Data Protection Law No. 6502 on the protection of consumers by taking technical and administrative measures and other relevant legislation and under the terms of Article 5 of the law specified in Article 6 will be handled.

Your personal data will be stored for the period of time required for processing, provided that the legal retention period is not exceeded, and will be destroyed when that period expires.

In addition, FANSET has an obligation to keep your personal data accurate and up to date in accordance with Article 4 of LPDD. In this context, in order for FANSET to fulfill its obligations arising from the legislation in force, our customers must share their accurate and up-to-date data with FANSET. If your data is changed in any way, type “updating my personal data” in the subject section. kvkk@fanset.com we ask you to update your data by e-mail.

It will be understood that your data has not been updated until the company has sent our customer a return email stating that it has been updated. In this case, we ask you to discard your email until you receive an update return.

(2) Transfer of Your Personal Data

Your personal data collected and processed by us for the purposes specified in this inform text is transferred to company stakeholders, company officials, affiliates and subsidiaries, natural persons or legal entities, suppliers and the nature of the service. However, personal data is shared with courts and other public institutions due to and limited to our legal obligations. In addition, personal data is transferred to contracted third parties in order to provide the services we undertake and to control the quality of the services provided.

The data received by FANSET can be transferred abroad by storing it in the cloud systems used and by selling it abroad as a requirement of the relationship between FANSET and the people abroad to whom FANSET will be associated.

Necessary technical and legal measures are taken to prevent rights violations during data transfer to third parties. However, FANSET is not responsible for breaches of the data protection policies of the third party receiving the personal data and in the risk area of the third party's liability.

(3) Collection of Your Personal Data

Your personal data is collected by us in writing or electronically by automated and/or non-automated means. Information collected from you in different ways or at different times, such as information collected by us online and offline, may be matched and used in accordance with the law and this disclosure text. In this context, your personal data will be collected in order to be processed within the framework of the personal data processing terms and purposes set out in Articles 5 and 6 of the law and for the legal reasons and purposes set out in this disclosure text.

(4) The Purposes for Which Your Personal Data Is Processed

The purposes for which your personal data are processed; during your participation in campaigns or purchase of any goods or services from our company, and/or other reasons to ensure the fulfillment of the contract established between the company, the administrative units by storing the information projected, reporting and disclosure to comply with the obligations; to provide the products / services requested by you, to know our customers within the information you consent to processing and to improve the quality of communication/service, to ensure the right product availability, to maintain the business relationship, to provide statistical information or to improve the quality of service we provide to our customers, to provide campaign and current product information,

In any case, all of your data which you may give to our company in accordance with both the distance sales contract and the conditions specified in the legislation are processed only in accordance with the relevant legislation and/or the approval you have given for the collection of your data.

(5) Your Rights

Law on the protection of personal data as a customer m. 11 under the scope of your rights and your requests for the application of the law, by requesting to receive the application form created by FANSET from our Web page or by hand by submitting the wet signed copy of it personally or through a notary public “Merkez Mah. Şehit Yılmaz Özdemir Cad. Sönmez Sokak. no:8/1 Halkalı- Küçükçekmece /İstanbul” or;

By signing with the “secure electronic signature " defined in the electronic signature Law No. 5070 of the applicant; fanset@hs01.kep.tr e-mail address: kvkk@fanset.com you can be communicated with. If you submit your request to our company, your request will be finalised free of charge within 30 days at the latest, depending on the nature of the request. In case of written response to your request, the Data Officer will not be charged up to the first 10 (ten) pages in accordance with the communiqué on application procedures and principles, and 1 TL transaction fee will be charged for each page above 10 (ten) pages. If the answer to your application is given in a recording medium such as a CD or flash memory, the cost of the recording medium will be reflected to you.

(6) Storage and Disposal:

Your personal data processed under this disclosure text is stored for the periods specified in the table below, and is anonymized or destroyed at the end of the period:

PROCESS

RETENTION TIME

TIME OF DESTRUCTION

Part of the contract process, and

preservation of the convention

10 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Other data collected in accordance with relevant legislation

Up to the period stipulated in the relevant legislation

Within 180 days following the expiration of the retention period

Payment transactions

10 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Customer’s Log / Recording / Tracking Systems

10 years

Within 180 days following the expiration of the retention period

Customer

10 years from the delivery of each product/service purchased by the customer in accordance with Article 146 of the Turkish Code of Obligations and Article 82 of the Turkish Commercial Code

Within 180 days following the expiration of the retention period

Potential Customer

3 years

Within 180 days following the expiration of the retention period

Camera recordings

1 month

Within 180 days following the expiration of the retention period

Filing of all kinds of documents

10 years

Within 180 days following the expiration of the retention period

Respectfully submitted.




PERSONAL DATA STORAGE AND DESTRUCTION POLICY

Prepared for FANSET. All rights reserved. It may not be reproduced, distributed or used without permission.

CONTENT

1.INTRODUCTION 3

1.1. Purpose 3

1.2. Scope 3

1.3. Abbreviations and definitions 3

2.LIABILITY 5

3. RECORDING MEDIA 5

4. EXPLANATIONS ON RETENTION 5

4.1.Retention Purposes 6

4.2. Legal Reasons For Retention 7

5.COMPLIANCE 7

5.1. Personal Data Inventory 7

5.2. Maximum Storage Times 7

5.3. Reasons For Destruction 10

5.4. List Of Recording Media In Which Personal Data Is Held 10

6.MEASURES FOR THE SAFE STORAGE AND DESTRUCTION OF PERSONAL DATA 11

6.1. Administrative Measures 11

6.2. Technical Measures 11

6.3. Periodic Destruction 11

7. PUBLICATION AND RETENTION OF POLICY 15

8. SANCTION 15

9. RELATION DOCUMENTS 15

10.UPDATE AND REVISION 15

11.ENACTMENT AND REPEAL OF THE POLICY 15

1.ENTRY

1.1. Purpose

The purpose of the personal data storage and Disposal Policy is to set out the principles and standarts forFanset Elektrikli Ev Aletleri San. ve Tic. Ltd. Şti. (FANSET/COMPANY)’s (will be mentioned as FANSET/Company in the text) existing and potential customers, consumers, business partners, visitors, employees, employee candidates, cooperated current institution/organization employees and relevant third parties with respect to article 20 of the Turkish Constitution, Law on Protection of Personal Data numbered 6698, the Regulation on Deletion, Destruction or Anonymization of Personal Data, the regulation on the Registry of Data Controllers and other secondary regulations of the Law numbered 6698.

1.2. Scope

The terms and principles in the policy cover all information and documents contained in physical and digital media that may be associated with a specific or identifiable real person, as well as the principles for the retention and destruction of such information.

1.3. Abbreviations and definitions

Recipient Group

The category of real or legal person to whom personal data is transferred by the data officer.

Explicit Consent

Consent to a particular subject, based on information and explained by free will.

Anonymization

Personal data cannot be associated with a specific or identifiable real person under any circumstances, even by matching it with other data.

Worker

Staff at FANSET companies.

Electronic Media

Environments where personal data can be created, read, modified and written with electronic devices.

Non Electronic Media

All written, printed, visual, etc. except electronic media. other mediums.

Data Subject

The real person whose personal data is processed.

Destruction

Deletion, destruction or anonymity of personal data.

Law

Law No. 6698 On The Protection Of Personal Data.

Recording Media

Any medium in which personal data is processed in a completely or partially automated manner, or in a non-automated way, provided that it is part of any data recording system.

Personal Data

Any information relating to the real person who can be identified or identified.

Personal Data Processing Inventory

The inventory that the data managers explain and detail the personal data processing activities that they carry out in accordance with their business processes; the personal data processing purposes and legal reasons, the data category, the transferred recipient group and the Data Subject Group, and the maximum retention period required for the purposes for which the personal data is processed, the personal data

Processing Of Personal Data

Any operation which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking it’s use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system

Board

Personal Data Protection Board

Periodic Destruction

In the event that all of the terms of the processing of personal data contained in the law are eliminated, the deletion, destruction or anonymity will be performed at repeated intervals as set out in the policy of retention and destruction of personal data.

Policy

Personal Data Retention and destruction policy

Processor

A real or legal person who processes personal data on behalf of the data principal based on the authority given by the data principal.

Data registry system:

Registration system in which personal data is structured according to certain criteria and processed.

Controller

Real or legal person responsible for the establishment and management of the data recording system, which determines the purposes and means of processing personal data.

VERBİS

Data Principals Registry Information System

Regulation

 

Regulation on the deletion, destruction or anonymity of personal data published in the Official Journal of 28 October 2017.

 

2. LIABILITY

FANSET, with all units and employees, is liable to perform the technical and administrative measures taken according to the Policy properly, to educate and increase the awareness of the unit and to check constantly to avoid unlawful processing of personal data, to avoid unlawful access to personal data and to take technical and administrative measures to provide a safe and legal data storage where the data is processed.

3.RECORDING MEDIA

Electronic Recording Media

Non-Electronic Recording Media

v Servers (Active directory, backup, e - mail, database, web, file sharing etc.))

v Software (Office software, QDMS, P-Magic, CRM, VERBIS)

v Information security devices (Firewall, Intrusion Detection and blocking, log file, anti virus etc.)

v Personal computers (desktop, laptop)

v Mobile devices (phone, tablet etc.)

v Optical discs (CD, DVD etc.))

v Removable memory (USB, memory card, etc.))

v Printer, scanner, copier

 

v Paper

v Manual data recording systems (survey forms, visitor entry book)

v Written mediums

v Printed media mediums

v Visual mediums

4. EXPLANATIONS ON DATA STORAGE

Article 3 of the Law defines processing of personal data, article 4 states that the processed data should be related to the purpose of processing time limits of storage and that the personal data processed must be linked to the purpose for which they are processed, limited and restrained, and must be maintained for the period of time required for the purpose for which they are processed, and in Articles 5 and 6, the Accordingly, personal data is stored within the framework of the company's activities for a period of time as stipulated in the relevant legislation or in accordance with our processing purposes.

4.1. Data Storage Purposes

Personal data held by FANSET is stored for the stated purposes and reasons, although not limited to the following purposes.

* To be able to perform work and operations as a result of signed contracts and protocols,

* To ensure the fulfillment of legal obligations as required or required by legal regulations,

* To communicate with real / legal persons in business relations with FANSET,

* To be able to fulfill the obligation of proof as evidence in future legal disputes,

* To provide service to the customer,

* To ensure the development and maintenance of human resources policies.

Detailed information from our policy on protection and processing of personal data (related policy “http://www.fanset.com/fanset you can get it from").

4.2.Legal Reasons For Data Storage

· Law No. 6698 on Protection of Personal Data,

· Turkish Code of Obligations No. 6098,

· Social Insurance and General Health Insurance Law No. 5510,

· Occupational Health and Safety Law No. 6361,

· Law No. 4982 On Obtaining Information,

· Law No. 3071 on the use of the right to petition,

  • Labor Law No. 4857,

· Regulation on Health and Safety Measures in Workplace Buildings and Built-ons,

· The data storage duration is determined by the Laws stated above and by other related secondary regulations and the data will be stored for that period of time.

5.COMPLIANCE

5.1. Personal Data Inventory

In accordance with this policy, FANSET relates and elaborates the personal data processing activities that it carries out in accordance with the business processes for it’s employees within the data principals registry information system; the personal data processing objectives and legal reasons, the data category, the recipient group transferred and the group of persons subject to the data, and the maximum period of storage of personal data FANSETundertakes to keep this inventory up to date in accordance with it’s principles in the procedure.

5.2. Maximum Storage Times

In the inventory, FANSETrelates and elaborates the categories of personal data that it processes depending on Business Processes and how long the data categories should be stored in accordance with legal requirements and business purposes. FANSETundertakes to keep the data inventory up to date within it’s policy principles and to process the data in accordance with the relevant personal data retention periods specified. In determining the maximum periods required for the purpose for which personal data is processed, the regulation on the Registry of Data Principals and the regulation on the deletion, destruction and anonymity of personal data are determined by taking into account the procedures and principles below:

· •How long is required in general practice in all sectors that FANSET is involved, including mold and scaffolding systems and other related sectors, for processing in relation to the relevant data category,

• How long the legal relationship established with the person who requires the processing of personal data in the relevant data category will continue,

· •How long FANSET 's legitimate interest will be valid in accordance with the law and integrity rules, depending on the purpose for which the relevant data category is processed,

· •How long the legal risks, costs and responsibilities of storing the relevant data category will continue depending on the purpose of processing,

· •Whether the maximum period to be determined is suitable for keeping the relevant data category accurate and up-to-date,

· •How long FANSET has to store personal data in the relevant data category as required by it’s legal obligation,

· •FANSET 's statute of limitations for asserting a right based on personal data in the relevant category of personal data is taken into account.

· •We reserve the right to vary the duration according to the matters mentioned above and the kind of personal data to be processed, the storage and disposal periods for certain data are as follows:

PROCESS

RETENTION TIME

TIME OF DESTRUCTION

Part of the contract process, and

preservation of the convention

10 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Execution Of Human Resources Processes

10 years following termination of activity

Within 180 days following the expiration of the retention period

Data stored under Labour Law

10 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Data collected under occupational health and safety legislation

50 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Data held under INSURANCE AND SAFETY AUTHORITY legislation

10 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Documents that can be used in a claim/lawsuit related to occupational accident/occupational illness

50 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Partner/Solution Partner/Consultant

During and after the end of thebusiness/business relationship, it is stored for 10 years in accordance with Art.146 of the Turkish Code of Obligationsand art.82 of the Turkish Commercial Code

Within 180 days following the expiration of the retention period

Execution of hardware and software access processes

2 years

Within 180 days following the expiration of the retention period

Other data collected in accordance with relevant legislation

Up to the period stipulated in the relevant legislation

Within 180 days following the expiration of the retention period

Payment transactions

10 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Personnel Financing Processes

10 years after the termination of the employment relationship

Within 180 days following the expiration of the retention period

Log / Recording / Tracking Systems

10 years

Within 180 days following the expiration of the retention period

The relevant personal data is subject to a crime under the Turkish Penal Code or other criminal legislation.

During the statute of limitations

Within 180 days following the expiration of the retention period

Camera recordings

1 month

Within 180 days following the expiration of the retention period

Filing of all kinds of documents

10 years

Within 180 days following the expiration of the retention period

Visitor

6 months

Within 180 days following the expiration of the retention period

Web-site visitor

2 years

Within 180 days following the expiration of the retention period

Running Candidate

A maximum of 2 years is stored as long as the resume will lose its current status.

Within 180 days following the expiration of the retention period

Intern(student)

It is maintained for a period of 10(ten) years in the continuation of the internship relationship and from the beginning of the calendar year following the end of the year.

Within 180 days following the expiration of the retention period

Customer

During and after the end of thebusiness/business relationship, it is stored for 10 years in accordance with Art.146 of the Turkish Code of Obligationsand art.82 of the Turkish Commercial Code

Within 180 days following the expiration of the retention period

Potential Customer

3 years

Within 180 days following the expiration of the retention period

Institutions/Companies (Suppliers, Subcontractors) With Which Fanset Cooperates

During and after the end of thebusiness/business relationship, it is stored for 10 years in accordance with Art.146 of the Turkish Code of Obligationsand art.82 of the Turkish Commercial Code

Within 180 days following the expiration of the retention period

FANSET, laws, legislation on processing personal data and protection of personal data policy and use of personal data in accordance with retention and destruction policy that is responsible for the delete, destroy or make anonymous the obligation arises after the date of the first periodic destruction in the process of personal data, delete, destroy, or makes anonymous.

When the person concerned applies to Fanset in accordance with Article 13 of the law to request the deletion or destruction of his personal data;

* If all requirements for processing personal data have been eliminated, FANSET will delete, destroy or anonymize the personal data subject to request by the appropriate disposal method by explaining its rationale within 30 (thirty) days from the day it receives the request. In order for fanset to be deemed to have received the request, the person concerned must have made the request in accordance with its policy on processing and protection of personal data. FANSET gives information to the person concerned about the transaction in any case.

• If all conditions for processing personal data have not been eliminated, this request may be rejected by FANSET in accordance with the third paragraph of Article 13 of the law by explaining the reason and the rejection response will be notified to the person concerned in writing or electronically within thirty days at the latest.

5.3.Reasons For Destruction

In determining and implementing the maximum periods required for the purpose for which personal data is processed, FANSETmonitors the compliance of such periods with the information contained in the Personal Data Inventory and whether the maximum periods are exceeded or not. If the below-mentioned circumstances occur or after FANSETrealizes these circumstances occur, regardless of the maximum duration of time the processing of personal data will be considered as disappeared; upon the request of the person who is related, the personal data will be deleted, destroyed or made anonymous by FANSET:

• Change or interest in the provisions of the relevant legislation which constitute the basis for the processing of personal data,

• The contract between the parties has never been established, the contract is not valid, the contract is terminated by itself, the contract is terminated or the contract is returned.,

• Elimination of the purpose that requires the processing of personal data,

• The processing of personal data is against the law or the integrity rule,

• To withdraw the consent of the person concerned when processing personal data only takes place on the basis of explicit consent,

• The person concerned, Act 11. (e) and (f) in accordance with the rights of the data processing activity of the application to be accepted by the data officer,

• If FANSET rejects the application made by the person concerned for the deletion or destruction of his personal data, if his response is insufficient or if he does not respond within the period stipulated in the law, a complaint is made to the board and this request is found to be appropriate by the board.,

• Although the maximum period of time required to store personal data has passed, there are no conditions that justify storing personal data for longer periods of time.,

• Act 5. and 6. the elimination of the requirements in the articles requiring the processing of personal data.

5.4.List Of Recording Media In Which Personal Data Is Held

FANSET demonstrates the recording environments in which personal data is stored, depending on Business Processes, and undertakes to keep this table up-to-date within it’s policy principles.

6.MEASURES FOR THE SAFE STORAGE AND DESTRUCTION OF PERSONAL DATA

While FANSETis responsible for taking technical and administrative measures to prevent the safe storage, unlawful processing and access of personal data, and for the lawful destruction of personal data, it is responsible for making these measures public and ensuring that they are implemented to the persons concerned.

6.1.Administrative Measures

• Fulfilling the obligation to disclose the relevant persons before processing personal data and obtaining their explicit consent where necessary,

• FANSET's commercial and non-commercial business and relations with the third party contacts with whom he has a contractual relationship with the necessary and sufficient information security, privacy and personal data protection provisions to be signed,

• Publication of the personal data storage and destruction policy,

• Publication of Cookie Policy and general disclosure text within FANSET 's web site,

• Analysis of activities and processes within FANSETwithin the scope of compliance studies and determination of actions to be taken in the name of compliance with the law,

• Creation of personal data inventory,

6.2.Technical Measures

The technical measures taken by FANSET in relation to the personal data it processes are listed below, including but not limited to:

* Use only up-to-date and secure systems suitable for technological developments in environments where personal data is kept,

* Use security systems for personal data storage environments.

* Conducting security tests and research for the detection of security weaknesses on information systems, eliminating the existing or potential risk factors identified as a result of the tests and investigations,

* Follow the data security guidance issued by the board,

* Restricted access to data in the media where personal data is held, allowing only authorized persons to access such data for the purpose of storing personal data, and registering all access,

* Fanset has sufficient technical personnel to ensure the security of personal data storage environments.

7. PERSONAL DATA DESTRUCTION TECHNIQUES

At the end of the period stipulated in the relevant legislation or the retention period required for the purpose for which they are processed, personal data shall be destroyed by the agency or upon the application of the relevant person by the following techniques in accordance with the provisions of the relevant legislation.

 

7.1. Deletion Of Personal Data

Personal data is deleted in the following ways.

Data Recording Media

Description

Personal Data On Servers

For those who have expired that require the storage of personal data on the servers, the system administrator will remove the access privileges of the relevant users and delete them.

Personal Data Contained In Electronic Media

The personal data contained in the electronic environment is securely deleted from the software and/or deleted by the expert.

Personal Data Contained In The Physical Environment

For those whose period of time has expired, which requires the storage of personal data held in the physical environment, it is in no way accessible to other employees except the unit manager responsible for the document archive and is rendered unusable again. In addition, the blackening process is applied by drawing/painting/wiping it unreadable.

Personal Data Contained In Portable Media

The expiration of the period that requires the storage of personal data held in Flash-based storage environments is stored in secure environments with encryption keys encrypted by the system administrator and granted access only to the system administrator.

 

7.2. Destruction Of Personal Data

Personal data is destroyed by the company in the following ways.

Data Recording Media

Description

Personal Data Contained In The Physical Environment

Expiration dates that require storage of personal data in paper media are irreversibly destroyed on paper Clippers

Personal Data In Optical / Magnetic Media

The process of physical destruction, such as melting, burning or pulverizing expired ones that require storage of personal data contained in optical media and magnetic media, is applied. In addition, the magnetic media is passed through a special device and exposed to a high magnetic field, making the data on it unreadable.

7.3. Anonymization Of Personal Data

The anonymity of personal data means that personal data cannot be associated with a specific or identifiable real person under any circumstances, even if it is matched with other data.

To be " anonymized personal data; personal data, or by third parties responsible for the data be returned and/or data matching with other data of the recording media, such as through the use of appropriate techniques and related in terms of the field of activity, even the ID cannot be associated with a specific or identifiable natural person must be made.

7.4. Periodic Destruction

In accordance with Article 11 of the regulation on the deletion, destruction or anonymity of personal data, the institution has set the period of periodic destruction as 6 months. Accordingly, FANSETundertakes to periodically check the personal data it holds in it’s digital and physical environments in parallel with it’s personal data inventory, no later than 6 months (180 days), and to periodically delete, destroy or anonymize such data at repeated intervals when the purpose for which they are processed ends.

8.PUBLICATION AND STORAGE OF THE POLICY

The policy may be published in two different media, wet signed (printed paper) and electronic media, and may be publicly posted on FANSET’s website.

9.SANCTION

For those who do not comply with the foregoing, a legal process or disciplinary process may be initiated in accordance with the nature of the situation.

10. PERSONAL DATA PROTECTION COMMITTEE

Sets up a personal data Committee within FANSET. The personal data Committee is authorized and responsible for conducting/conducting and overseeing the processes necessary for storing and processing the data of the persons concerned in accordance with the law, the policy for processing and protection of personal data and the policy for storing and destroying personal data.

The personal data Committee consists of three people: an administrator, an administrative expert and a technical expert. The titles and job descriptions of fanset employees working on the personal data Committee are as follows::

The committee manager of personal data: in compliance with the law in the process of planning all kinds of projects, analysis, research, guide the work of a risk assessment; Law on processing personal data and protection of personal data policy retention and destruction policy and to manage the processes that should be executed in accordance with requests from related parties and is obliged to decide.

Other members of the committee are responsible for: reporting the requests of the persons concerned to the Personal Data Committee Manager for examination and evaluation; carrying out the transactions related to the requests of the persons concerned assessed and decided by the Personal Data Committee Manager in accordance with the decision of the Personal Data Protection Committee Manager; auditing the retention and destruction processes and reporting.

11.UPDATE AND REVISION

FANSET reserves the right to make changes to the processing and protection policy of personal data or this personal data retention and destruction policy in accordance with corporate decisions or in line with developments in the sector or in the field of it due to changes in the law.

Any changes to this personal data storage and destruction policy shall be immediately submitted to the text and explanations on the changes shall be disclosed at the end of the policy.

12. ENACTMENT AND REPEAL OF THE POLICY

The policy is considered to have taken effect after it’s publication on the company's website. In the event of a decision to repeal, old wet-signed copies of the policy are signed by the Board of Directors by cancellation (by striking the cancellation stamp or by writing the cancellation) and stored by the company for at least 5 years)

13. AMENDMENT NOTES

Document Date: