Unique Prices
The Glow of Elegance

1.1 Purpose of the Policy

The personal data protection policies have been prepared to determine the rules and principles regarding the storage and disposal processes of personal data at Bigben Kuyumculuk Sanayi ve Dış Ticaret Limited Şirketi (Bigben Kuyumculuk). Bigben Kuyumculuk prioritizes the processing of personal data belonging to employees, job applicants, project authors, contracted distribution companies, approval authorities, service providers, visitors, customers, and other third parties in accordance with the Constitution of the Republic of Turkey, international agreements, Law No. 6698 on the Protection of Personal Data ("Law"), and other relevant regulations. It also ensures that the rights of the relevant individuals are effectively exercised. The processes related to the storage and disposal of personal data are carried out in compliance with the laws, regulations, and procedures prepared by Bigben Kuyumculuk in this regard.

1.2 Scope

The personal data of Bigben Kuyumculuk employees, job applicants, project authors, contracted distribution companies, approval authorities, service providers, visitors, customers, and other third parties fall within the scope of this Policy. The Policy and Procedures specified in this document apply to all recording environments in which personal data is processed, owned, or managed by Bigben Kuyumculuk, as well as to activities related to personal data processing.

1.3 Abbreviations and Definitions

  • Explicit Consent: Consent given on a specific subject, based on information and free will.
  • Anonymization: Making previously identifiable data unidentifiable even when matched with other data.
  • Job Applicant: Real persons who are not employees of Bigben Kuyumculuk but have the status of job applicants.
  • Personal Data: Any information relating to an identified or identifiable real person.
  • Data Subject: The real person whose personal data is processed.
  • Processing of Personal Data: Any operation performed on data, such as collection, recording, storage, preservation, modification, rearrangement, disclosure, transfer, acquisition, making it available, classification, or preventing its use.
  • Law: The Law on the Protection of Personal Data No. 6698, published in the Official Gazette on April 7, 2016.
  • Special Categories of Personal Data: Data related to race, ethnicity, political opinions, philosophical beliefs, religion, sect, or other beliefs, dress and appearance, association or union memberships, health, sexual life, criminal convictions, security measures, biometric, and genetic data.
  • Policy: Bigben Kuyumculuk Personal Data Processing and Protection Policy.
  • Company/Firm/Bigben Kuyumculuk: Bigben Kuyumculuk Sanayi ve Dış Ticaret Limited Şirketi.
  • Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted.
  • Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept.
  • Data Recording System: A system in which personal data is processed based on specific criteria.
  • Business Partners: Individuals with whom Bigben Kuyumculuk has entered into a contractual relationship in the course of its commercial activities.
  • Relevant Person: The real person whose personal data is processed.
  • Employee: A real person employed by Bigben Kuyumculuk.

1.4 Storage Media

Bigben Kuyumculuk stores personal data in accordance with the law, policies, and procedures in the following environments within its organization:

  • Digital Media:

    • Servers (domain, backup, email, database, web, file-sharing, etc.)
    • Software (office applications, accounting software, logging, and security programs)
    • Information security devices (firewalls, intrusion detection and prevention systems, log files, antivirus software, etc.)
    • Personal computers (desktop, laptop)
    • Mobile devices (phones, tablets, etc.)
    • Optical disks (CDs, DVDs, etc.)
    • Removable storage devices (USB, memory cards, etc.)
    • Printers, scanners, photocopiers
  • Non-Digital Media:

    • Paper
    • Manual data recording systems (visitor entry logs, fair and meeting registration forms, system room entry forms)
    • Printed and visual media

      2. INFORMATION REGARDING THE PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT BY BIGBEN KUYUMCULUK

      2.1 Storage and Disposal Explanations

      Bigben Kuyumculuk stores and disposes of personal data belonging to employees, job applicants, project authors, project information, visitors, customers, service providers, and employees of approval authorities, as well as personal data of third parties, institutions, or organizations engaged in data transactions, in compliance with the Law.

      Detailed explanations regarding storage and disposal are provided below.


      2.1.1 Storage of Personal Data

      Article 3 of the Law defines the concept of personal data processing, while Article 4 states that personal data must be processed in connection with, limited to, and proportionate to the purposes for which they are processed, and must be stored for the duration prescribed by relevant regulations or as necessary for the purpose of processing. Articles 5 and 6 list the conditions for processing personal data. Accordingly, Bigben Kuyumculuk stores personal data for the duration stipulated by the relevant regulations or as long as required by the purpose of processing. The implementation method and principles set forth by the Law, regulations, and notices have been detailed in the data storage procedure.


      2.1.2 Legal Grounds for Storage

      Personal data processed within the scope of Bigben Kuyumculuk's activities are stored for the duration specified by the relevant regulations. In this context, personal data is stored in accordance with:

      • Law No. 6698 on the Protection of Personal Data
      • Turkish Code of Obligations No. 6098
      • Turkish Commercial Code No. 6102
      • Social Insurance and General Health Insurance Law No. 5510
      • Labor Law No. 4857
      • Occupational Health and Safety Law No. 6331
      • Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications
      • Public Financial Management Law No. 5018
      • Law on the Right to Information No. 4982
      • Law No. 3071 on the Exercise of the Right to Petition
      • Law No. 5434 on Retirement Health
      • Social Services Law No. 2828
      • Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Annexes
      • Regulation on Archival Services
      • Public Procurement Law No. 4734
      • Civil Servants Law No. 657
      • Other secondary regulations enacted under these laws.

      Personal data is stored for the durations stipulated by these laws and other secondary regulations in force.


      2.1.3 Storage and Purposes of Personal Data Processing

      Bigben Kuyumculuk processes and stores personal data in compliance with Articles 4 and 5 of the Law on the Protection of Personal Data No. 6698. Article 5 stipulates that personal data may be processed based on the explicit provision of the law, the necessity to fulfill a legal obligation of the data controller, the necessity for the establishment, exercise, or protection of a legal right, and the necessity for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject. Bigben Kuyumculuk stores personal data for the following purposes:


      2.1.3.1 Purposes of Processing Personal Data

      a) Carrying out business processes and ensuring that individuals benefit from the products and services offered by Bigben Kuyumculuk:

      1. Planning and executing sales processes of products and/or services
      2. Planning and/or executing after-sales support services
      3. Planning and executing customer relationship management processes
      4. Tracking contractual processes and/or legal requests
      5. Tracking customer requests and/or complaints

      b) Planning and executing Bigben Kuyumculuk’s human resources policies and processes:

      1. Planning and executing talent and career development activities
      2. Fulfilling employment contracts and/or regulatory obligations for company employees
      3. Planning and executing employee benefits and additional rights
      4. Planning and executing internal orientation activities
      5. Planning and executing employee exit processes
      6. Managing payroll
      7. Planning human resources processes
      8. Managing recruitment processes
      9. Planning and executing company promotion, transfer, and termination processes
      10. Planning and executing employee performance evaluation processes
      11. Monitoring and/or supervising employee work activities
      12. Planning and/or executing internal training activities
      13. Planning and executing employee satisfaction and engagement processes
      14. Planning and executing processes for collecting and evaluating employee suggestions for improving work and/or production processes
      15. Planning and/or executing internship and/or student placement and operational processes

      c) Carrying out necessary activities to execute Bigben Kuyumculuk’s commercial activities and conducting related business processes:

      1. Event management
      2. Planning and executing business activities
      3. Planning and executing corporate communication activities
      4. Planning and executing supply chain management processes
      5. Planning and executing production and/or operational processes
      6. Planning, monitoring, and executing information security processes
      7. Establishing and managing information technology infrastructure
      8. Planning and executing business partners' access to information
      9. Monitoring finance and/or accounting activities
      10. Planning and executing corporate sustainability activities
      11. Planning and executing corporate governance activities
      12. Planning and/or executing business continuity activities
      13. Planning and executing logistics activities

      d) Planning and executing necessary activities to personalize and promote Bigben Kuyumculuk’s products and services according to the preferences, usage habits, and needs of individuals:

      1. Identifying and/or evaluating individuals for marketing activities based on consumer behavior criteria
      2. Designing and/or executing personalized marketing and/or promotional activities
      3. Designing and/or executing advertising, promotional, and/or marketing activities on digital and/or other media
      4. Designing and/or executing customer acquisition and/or value creation activities for existing customers in digital and/or other media
      5. Planning and/or executing data analytics studies for marketing purposes
      6. Planning and executing marketing processes for products and/or services
      7. Planning and/or executing processes to establish and/or increase customer loyalty toward the company's products and/or services

      e) Planning and executing Bigben Kuyumculuk’s commercial and/or business strategies:

      1. Managing relationships with business partners

      f) Ensuring the legal, technical, and commercial security of Bigben Kuyumculuk and the individuals with whom it has a business relationship:

      1. Following up on legal matters
      2. Planning and executing operational activities to ensure compliance with company procedures and/or relevant regulations
      3. Providing information to authorized organizations based on legal requirements
      4. Creating and tracking visitor records
      5. Planning and executing emergency management processes
      6. Conducting corporate and partnership law procedures
      7. Planning and executing company audit activities
      8. Planning and/or executing occupational health and safety processes
      9. Managing credit process risk assessments
      10. Ensuring the security of company premises and/or facilities
      11. Ensuring the security of company operations
      12. Planning and/or executing the company's financial risk management processes
      13. Ensuring the security of company assets and/or resources

      BIGBEN KUYUMCULUK:

      I. Conducting human resources processes
      II. Managing accounting and finance processes
      III. Carrying out software development and improvement processes specific to Bigben Kuyumculuk
      IV. Ensuring corporate communication
      V. Ensuring company security
      VI. Executing tasks and procedures based on signed contracts and protocols
      VII. Fulfilling legal obligations required by regulations
      VIII. Communicating with individuals and legal entities in a business relationship with the company
      IX. Performing legal reporting
      X. Managing software support and assistance processes for Bigben Kuyumculuk
      XI. Managing electronic/mobile signature processes
      XII. Running the digital project system
      XIII. Managing software processes specific to Bigben Kuyumculuk
      XIV. Fulfilling evidentiary obligations in potential future legal disputes

      2.1.4 Categories of Personal Data

      The personal data categorized below as examples by Bigben Kuyumculuk are processed in accordance with the conditions for personal data processing stipulated in the Law and relevant legislation.

      | Data Category | Description |
      |---|---|
      | Identity Information | Information contained in documents such as driver's license, ID card, residence certificate, passport, attorney ID, and marriage certificate. |
      | Contact Information | Information used to communicate with the individual (e.g., email address, phone number, mobile phone number, address). |
      | Location Information | Information used to determine the location of the data subject (e.g., location data obtained while using a vehicle). |
      | Customer Information | Information about customers who benefit from our products and services (e.g., customer number, occupation details, etc.). |
      | Customer Transaction Information | Information related to any transactions performed by customers benefiting from our products and services. |
      | Physical Space Security Information | Personal data related to records and documents such as camera recordings, fingerprint records taken during entry into a physical space and while staying inside. |
      | Transaction Security Information | Personal data processed to ensure the technical, administrative, legal, and commercial security of Bigben Kuyumculuk’s business activities. |
      | Financial Information | Personal data processed in relation to financial outcomes created based on the nature of the legal relationship established between Bigben Kuyumculuk and the data subject. |
      | Job Applicant Information | Personal data processed in relation to individuals who have applied for a job at Bigben Kuyumculuk, have been considered as job candidates in accordance with commercial customs and ethical rules, or have an employment relationship with Bigben Kuyumculuk. |
      | Employee Information | Personal data processed regarding individuals who have an employment relationship with Bigben Kuyumculuk. |
      | Legal Transaction and Compliance Information | Personal data processed to determine, track, and fulfill Bigben Kuyumculuk’s legal claims and obligations, and to ensure compliance with company policies. |
      | Audit and Inspection Information | Personal data processed to ensure compliance with legal obligations and company policies. |
      | Sensitive Personal Data | Personal data related to a person's race, ethnic origin, political opinion, philosophical beliefs, religion, sect, or other beliefs, dress and appearance, membership in associations, foundations, or trade unions, health, sexual life, criminal record, security measures, biometric, and genetic data. |
      | Marketing Information | Personal data processed for the purpose of marketing Bigben Kuyumculuk’s products and services in a personalized manner based on the data subject’s usage habits, preferences, and needs, as well as reports and evaluations created as a result of such processing. |
      | Request/Complaint Management Information | Personal data related to any request or complaint directed to Bigben Kuyumculuk. |
      | Reputation Management Information | Information collected to protect the commercial reputation of Bigben Kuyumculuk and details about actions taken based on related evaluation reports. |
      | Incident Management Information | Personal data processed to take the necessary legal, technical, and administrative measures against incidents affecting the commercial rights and interests of Bigben Kuyumculuk and its customers. |
      | Personal References | Data regarding individuals who can provide information about a job applicant's work style and qualifications and whom Bigben Kuyumculuk can contact if necessary. |

      2.1.5 Exercising Rights

      Bigben Kuyumculuk declares that it will comply with legal and ethical rules by keeping open the necessary application channels for the deletion or destruction of data, except in cases where legal obligations, specific contracts requiring data retention, or transactions made for the exercise of rights exist.

      It commits to responding to requests within the legally prescribed timeframes and to taking necessary actions in cases where there are no legal or contractual obstacles to fulfilling the request. The communication channels for these requests are published in this policy and on the company’s website.

      To download the application form, visit [FORM LINK].
      For electronic communication: Email address: ………………..
      For written documents: Company Address:
      "Molla Fenari Mah. Nur-u Osmaniye Cad. Orient Bazaar No: 45 İç Kapı No: 304 Fatih / Istanbul"


      2.2 Principles of Data Disposal

      Personal data will be deleted, destroyed, or anonymized by the company in the following circumstances:

      1. Amendment or repeal of the relevant legislation that forms the basis for processing.
      2. Elimination of the purpose requiring data processing or storage.
      3. Revocation of explicit consent in cases where personal data processing relies solely on explicit consent.
      4. Approval of a request submitted by the data subject for the deletion or destruction of personal data under Article 11 of the Law.
      5. A decision by the Authority that the data subject’s request is justified, following a complaint made because the company refused the request for deletion, destruction, or anonymization, provided an insufficient response, or failed to respond within the legally defined period.
      6. Expiration of the maximum retention period and the absence of any conditions justifying the continued retention of personal data.

      In these cases, upon the request of the data subject or by the company’s own initiative, the data will be deleted, destroyed, or anonymized.


      3. Principles and Conditions for Processing Personal Data

      Bigben Kuyumculuk processes personal data in compliance with Article 4 of the Law, adhering to the principles of lawfulness and fairness, accuracy, transparency, specified and legitimate purposes, proportionality, and limited retention.

      The company retains personal data only for the period prescribed by laws or necessary for the purpose of processing.


      3.1 Principles for Processing Personal Data

      Bigben Kuyumculuk ensures that it informs data subjects in accordance with Article 10 of the Personal Data Protection Law (KVK Law) and, where required, obtains their explicit consent before processing personal data.

      3.1.1 Processing in Accordance with the Law and the Principle of Fairness

      Bigben Kuyumculuk ensures that personal data processing complies with legal regulations and the principle of fairness. The company considers the interests and reasonable expectations of data subjects while striving to achieve its data processing objectives.

      3.1.2 Ensuring Accuracy and Updating of Personal Data

      Keeping personal data accurate and up to date is essential for protecting the fundamental rights and freedoms of data subjects. Bigben Kuyumculuk is committed to keeping data correct and up to date, and keeps all communication channels open for this purpose.

      3.1.3 Processing for Specific, Explicit, and Legitimate Purposes

      Bigben Kuyumculuk clearly defines its lawful and legitimate purposes for processing personal data. It processes only as much personal data as necessary in relation to its business activities.

      3.1.4 Processing Data in Connection with, Limited to, and Proportionate to Its Purpose

      Bigben Kuyumculuk processes personal data only for purposes related to its field of business and to the extent necessary for operational activities. It avoids processing irrelevant or unnecessary personal data.

      3.1.5 Retention of Personal Data for the Necessary Period

      Bigben Kuyumculuk retains personal data only for the period specified by law or as required by its purpose of processing. If a retention period is defined in the legislation, the company complies with it. If no period is specified, the data is retained only as long as necessary. Once the purpose of processing no longer exists or the legal retention period expires, the data is deleted, destroyed, or anonymized.

      3.2 Conditions for Processing Personal Data

      Personal data is processed by Bigben Kuyumculuk if at least one of the conditions specified in Article 5 of the Law is met.

      3.2.1 The Explicit Consent of the Data Subject

      One of the conditions for processing personal data is the explicit consent of the data subject. The data subject's explicit consent must be given for a specific issue, based on information, and expressed freely.

      To process personal data based on explicit consent, Bigben Kuyumculuk obtains consent from employees, job applicants, marketers, suppliers, customers, potential customers, third parties, and visitors through appropriate methods.

      3.2.2 Processing of Personal Data Explicitly Provided for by Law

      If the processing of personal data is explicitly stipulated by law, the data subject’s explicit consent is not required for lawful data processing.

      3.2.3 Inability to Obtain the Data Subject’s Explicit Consent Due to Impossibility

      If the data subject is unable to provide consent due to factual impossibility or if consent cannot be considered legally valid, personal data may be processed if it is necessary to protect the life or physical integrity of the data subject or another person.

      3.2.4 Processing Necessary for the Execution or Performance of a Contract

      If the processing of personal data is directly related to the establishment or performance of a contract, it may be processed without the explicit consent of the data subject.

      3.2.5 Compliance with Legal Obligations

      If the processing of personal data is necessary for Bigben Kuyumculuk to fulfill its legal obligations as a data controller, it may process personal data without obtaining the explicit consent of the data subject.

      3.2.6 Publicly Disclosed Personal Data

      If a data subject has made their personal data public, such personal data may be processed.

      3.2.7 Processing Required for the Establishment or Protection of a Right

      If personal data processing is necessary for the establishment, exercise, or protection of a legal right, it may be processed without explicit consent.

      3.2.8 Processing Necessary for Legitimate Interests

      If personal data processing is necessary for Bigben Kuyumculuk's legitimate interests, provided that it does not infringe upon the fundamental rights and freedoms of the data subject, it may be processed without explicit consent.


      3.3 Processing of Special Categories of Personal Data

      Bigben Kuyumculuk complies with the relevant legal regulations when processing personal data classified as “special categories” under the Personal Data Protection Law (KVK Law).

      Special categories of personal data may be processed if:

      • The data subject has given explicit consent, or
      • The data subject has not given explicit consent, but the processing is permitted under legal provisions, including:
        • Health and sexual life data may only be processed by persons or institutions under a confidentiality obligation for purposes such as public health protection, preventive medicine, medical diagnosis, treatment, and healthcare service management.

      4. TRANSFER OF PERSONAL DATA

      Bigben Kuyumculuk may transfer the personal data and special category personal data of data subjects to domestic or foreign third parties by taking necessary security measures and in accordance with the conditions specified in the KVK Law (Article 8).

      4.1 Transfer of Personal Data to Third Parties Within the Country

      If at least one of the conditions specified in Articles 5 and 6 of the Law and Section 3 of this Policy is met, and fundamental principles of data processing are followed, personal data may be transferred within Turkey.

      4.2 Transfer of Personal Data to Third Parties Abroad

      If at least one of the conditions specified in Section 3 of this Policy is met and appropriate security measures are taken, Bigben Kuyumculuk may transfer personal data to third parties abroad, in accordance with Article 9 of the KVK Law.

      4.3 Third Parties to Whom Personal Data is Transferred and the Purpose of Transfer

      Bigben Kuyumculuk may transfer personal data to the following parties, categorized for illustrative purposes:

      | Recipient | Definition | Purpose |
      |---|---|---|
      | Business Partner | Entities with which Bigben Kuyumculuk has established a business partnership for commercial activities. | Limited to ensuring the fulfillment of the business partnership objectives. |
      | Shareholders | Shareholders authorized to design strategies and conduct audits for Bigben Kuyumculuk under applicable laws. | Limited to designing business strategies and conducting audits. |
      | Company Executives | Board members and other authorized personnel. | Limited to strategic planning, high-level management, and audit purposes. |
      | Legally Authorized Public Institutions | Government institutions and organizations legally authorized to request information from Bigben Kuyumculuk. | Limited to meeting the official information requests of public institutions. |
      | Legally Authorized Private Institutions | Private legal entities authorized by law to request information and documents from Bigben Kuyumculuk. | Limited to fulfilling legal obligations. |

      5. RIGHTS OF THE DATA SUBJECT AND EXERCISING THESE RIGHTS

      5.1 Rights of the Data Subject

      Data subjects have the right to:

      1. Learn whether their personal data is being processed.
      2. Request information about their processed personal data.
      3. Learn the purpose of processing and whether their data is used in accordance with that purpose.
      4. Know the third parties, in Turkey or abroad, to whom personal data has been transferred.
      5. Request correction of incomplete or incorrect data and notify third parties accordingly.
      6. Request deletion or destruction of personal data in accordance with KVK Law and other legal provisions and notify third parties accordingly.
      7. Object to any negative consequences arising from the exclusive use of automated systems for personal data processing.
      8. Claim compensation if personal data is processed unlawfully, causing harm.

      If personal data is not directly obtained from the data subject, Bigben Kuyumculuk ensures that data subjects are informed:

      1. Within a reasonable time after obtaining personal data.
      2. During the first communication, if personal data is used for communication.
      3. Before the first data transfer, if personal data is to be transferred.

      5.2 Cases Where Data Subjects Cannot Exercise Their Rights

      According to Article 28 of the KVK Law, the rights listed in 5.1 cannot be exercised in the following cases:

      1. If personal data is processed by natural persons for personal use within a household setting, provided it is not disclosed to third parties and security obligations are met.
      2. If personal data is processed for official statistics, research, planning, or statistical purposes in an anonymized manner.
      3. If personal data is processed for artistic, historical, literary, scientific, or journalistic purposes, without violating privacy or personal rights.
      4. If personal data is processed by government institutions authorized by law for national defense, public security, economic security, or intelligence purposes.
      5. If personal data is processed by judicial authorities for investigation, prosecution, trial, or enforcement purposes.

      Additionally, under Article 28/2 of the KVK Law, data subjects cannot exercise their rights, except for compensation claims, in the following cases:

      1. If data processing is necessary to prevent crime or conduct criminal investigations.
      2. If data has been publicly disclosed by the data subject.
      3. If data processing is required for government audits, regulatory activities, or disciplinary investigations.
      4. If data processing is necessary to protect the state's financial and economic interests.

        6. DELETION, DESTRUCTION, AND ANONYMIZATION OF PERSONAL DATA

        As regulated in Article 138 of the Turkish Penal Code and Article 7 of the Personal Data Protection Law (KVK Law), even if personal data has been processed in compliance with legal provisions, it will be deleted, destroyed, or anonymized if the reasons requiring its processing no longer exist. This process may be carried out based on Bigben Kuyumculuk's decision or at the request of the data subject.

        To fulfill this obligation, Bigben Kuyumculuk takes the necessary technical and administrative measures within the company, develops the necessary operational mechanisms, trains relevant business units, assigns responsibilities, and ensures awareness of this obligation.


        7. TECHNICAL AND ADMINISTRATIVE MEASURES

        In accordance with Article 12 of the KVK Law, Bigben Kuyumculuk has taken the following technical and administrative measures to ensure the secure storage of personal data, lawful processing, prevention of unauthorized access, and lawful deletion of data:

        7.1 Administrative Measures

        As part of its administrative measures, Bigben Kuyumculuk:

        1. Restricts access to stored personal data to personnel who need access due to their job description. The special nature and importance of the data are also considered when setting access limits.
        2. Notifies the relevant individuals and the KVK Authority as soon as possible in the event of unlawful access to personal data.
        3. Ensures data security by signing framework agreements or adding data protection clauses in existing contracts with third parties to whom personal data is transferred.
        4. Hires experienced and knowledgeable personnel in data processing and trains employees on data protection laws and security.
        5. Conducts internal audits to ensure compliance with legal provisions and takes measures to eliminate any security weaknesses identified during these audits.
        6. Establishes an internal KVK committee that implements necessary administrative measures and monitors compliance through participation of relevant department managers.
        7. Establishes and ensures compliance with policies, procedures, and forms to implement all processes related to KVK Law.

        7.2 Technical Measures

        Bigben Kuyumculuk implements the following technical measures to protect the personal data it processes:

        1. Security Scanning System: Internal systems are regularly tested for risks, threats, vulnerabilities, and security gaps, and appropriate measures are taken.
        2. Third-party security audits: External security service providers conduct periodic security tests.
        3. Real-time monitoring: Information security management actively monitors risks and threats to ensure the continuity of IT systems.
        4. Access control: Access to IT systems and users' authorization levels are managed in accordance with ISO 9001 standards.
        5. Physical security measures are implemented to protect IT infrastructure, software, and data from external threats.
        6. Network security measures include:
          • Firewall and intrusion prevention systems,
          • Access control systems,
          • Anti-malware and security software.
        7. Access restrictions to personal data are monitored, and unauthorized access attempts are logged and controlled.
        8. Anonymization methods are used when personal data must be stored without direct association with an individual.
        9. Strong encryption is used for personal data stored in electronic environments.
        10. Logging mechanisms are implemented for the secure tracking of access to data.
        11. Security patches are applied regularly, and IT systems are kept up to date.
        12. Data masking and pseudonymization are used to prevent unauthorized access.
        13. Special policies and access restrictions are applied to sensitive personal data.
        14. Encryption, password protection, and digital signature mechanisms are used to ensure the security of sensitive data.
        15. Data transmission security is ensured through:
          • Encrypted corporate emails or KEP accounts for email communication.
          • VPN or sFTP protocols for transferring data between servers.
          • Confidential markings and protective measures when transferring data in physical form.

        8. DATA DESTRUCTION TECHNIQUES

        At the end of the legally required retention period or when the purpose of processing is no longer valid, Bigben Kuyumculuk will delete, destroy, or anonymize personal data either automatically or upon request, following the methods specified below.

        8.1 Deletion of Data

        Personal data stored in digital systems is deleted using methods that ensure it cannot be accessed or reused by any authorized users. These methods include:

        1. Secure software-based deletion:
          • Data stored in cloud systems is deleted using secure deletion commands.
          • Access rights to centralized servers and databases are revoked.
          • Data stored on removable media (USB, flash drives, etc.) is deleted using specialized data wiping software.
        2. Secure deletion by a specialist: In some cases, an external expert may be hired to ensure permanent deletion of personal data.
        3. Masking data in physical documents:
          • Personal data in printed documents is blacked out with permanent ink or physically removed so that it cannot be recovered.

        8.2 Destruction of Personal Data

        Personal data that is not stored electronically is destroyed using one of the following methods:

        1. Degaussing: High magnetic fields are applied to magnetic storage media to render the data unreadable.
        2. Physical destruction: Non-digital records (e.g., paper documents) are shredded or incinerated.
        3. Overwriting: Sensitive data is overwritten at least seven times with random binary patterns to prevent recovery.

        8.3 Anonymization of Data

        When data is anonymized, it can no longer be associated with an identifiable individual. Bigben Kuyumculuk uses the following anonymization techniques:

        • Value Consistency Anonymization: Removing variables, regional masking, generalization, and global coding.
        • Value Distortion Anonymization: Adding noise, micro-aggregation, and swapping data values.

        9. DATA RETENTION AND DESTRUCTION PERIODS

        The retention and destruction periods for data processed by Bigben Kuyumculuk are determined by the following schedule. Bigben Kuyumculuk will conduct periodic destruction processes in January and June of each year in accordance with KVK Law and this Policy.

        | Process | Retention Period | Destruction Period |
        |---|---|---|
        | Corporate Communication Activities | 10 years after termination | Within 30 days of request |
        | General Assembly Processes | 10 years | Within 180 days after retention period |
        | Legal Requests Regarding Employees | 10 years after termination | Within 180 days after retention period |
        | Employment Applications | 10 years after termination | Within 180 days after retention period |
        | Payroll Processing | 10 years after termination | Within 180 days after retention period |
        | Work Safety and Health Records | 10 years after termination | Within 180 days after retention period |

        10. PUBLICATION AND STORAGE OF POLICIES AND PROCEDURES

        This Policy is published in two formats:

        1. Physically signed (printed) copies, stored at Bigben Kuyumculuk's headquarters.
        2. Electronic copies, published on the company’s website.

        11. POLICY UPDATES

        This Policy will be updated if:

        • Regulatory changes occur.
        • New official requirements are introduced.
        • Bigben Kuyumculuk determines a need for revision.

        12. ENFORCEMENT AND REPEAL OF POLICY

        This Policy takes effect upon its publication on Bigben Kuyumculuk’s website. In case of a conflict between this Policy and applicable laws, the provisions of relevant laws shall prevail.

        Bigben Kuyumculuk reserves the right to modify this Policy as necessary. The latest version can be accessed at www.[company website].com.

        If this Policy is repealed, physical copies will be marked as canceled and retained for at least five years.



        BIGBEN KUYUMCULUK SANAYİ VE DIŞ TİCARET LTD. ŞTİ.