About SignalSight
SignalSight is an experienced tech solution who strives
to connect brands with their customers like never before.
This policy aims to describe the methods adopted for the processing, protection, storage and destruction of personal data processed in all kinds of activities carried out by ZZGTECH LTD (ZZGTECH) in the capacity of data controller and to fulfil the obligation of disclosure in accordance with Article 13-14 of the European Union General Data Protection Regulation and UK Data Protection Regulation (EU GDPR and UK GDPR hereinafter referred to as GDPR). This policy includes the principles applied in the collection, use, sharing, storage and destruction of personal data by ZZGTECH. It aims to inform the relevant persons about the personal data of employees, candidate employees, relatives of employees, references, supplier employees, company partners, suppliers and candidate suppliers, prospective suppliers, prospective customers, online visitors, outsource employees, partner employees, partner company officials, customers and related persons of customers processed by ZZGTECH.
This policy; It covers all recording media and activities for personal data processing where personal data belonging to employees, candidate employees, employee relatives, references, supplier employees, company partners, suppliers and candidate suppliers, customer candidates, online visitors, outsource employees, partner employees, partner company officials, customers and customers' related persons owned by ZZGTECH or managed by ZZGTECH are processed.
All employees, external service providers and anyone else who stores and processes personal data within the organisation are responsible for fulfilling the requirements for the storage and destruction of personal data processed within the organisation. Each business unit is obliged to store and protect the data produced in its own business processes.
The Data Protection Officer (DPO) is responsible for notifying or accepting notifications or correspondence with the ICO Authority on behalf of the data controller and for registration in the register.
The distribution of the titles, units and job descriptions of those involved in the storage and destruction of personal data is detailed below;
Data Protection Officer (DPO): On behalf of the Data Controller, to design, plan, perform the works and transactions to be carried out within the framework of the procedures and principles set out in the Law, to organise the relevant actions and to ensure audits.
Archive Officer To carry out the processes of processing, storage, deletion, editing, destruction and anonymisation of personal data stored in the archive.
Information Security Committee Member: Assists the DPO to design, plan, realise the works and transactions to be carried out within the framework of the procedures and principles set out in the Law on behalf of the Data Controller and to ensure the relevant audits and helps to maintain the processes related to personal data security by supporting the DPO. It takes part in the evaluation and response stages of personal data requests from data subjects. In addition, the Information Security Committee Member takes part in ISO 27001 Information Security Management System, ISO 27701 Personal Data Management System and ISO 9001 Quality Management System standard studies.
| Definition / Abbreviation | Description |
|---|---|
| Open Consent | Consent on a specific subject, based on information and expressed with free will. |
| Related User | Persons who process personal data within the organisation of the data controller or in accordance with the authority and instructions received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data. |
| Data Owner/Related Person | The natural person whose personal data is processed. |
| Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
| Data Processor | A natural or legal person who processes personal data on behalf of the data controller based on the authorisation granted by the data controller. |
| Destruction | Deletion, destruction or anonymisation of personal data. |
| Periodic Disposal | In the event that all of the conditions for the processing of personal data specified in the Law disappear, the deletion, destruction or anonymisation process to be carried out ex officio at recurring intervals specified in this policy. |
| Law | UK Data Protection Regulation |
| EU GDPR | European Union Data Protection Regulation |
| UK GDPR | UK Data Protection Regulation |
| Anonymisation | Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
| Recording Media | All kinds of media containing personal data that are fully or partially automated or processed by non-automated means, provided that they are part of any data recording system. |
| Personal Data | Any information relating to an identified or identifiable natural person. |
| Personal Data Inventory | Inventory in which data controllers elaborate the personal data processing activities they carry out depending on their business processes by associating them with the purposes of processing personal data, data category, transferred recipient group and data subject group and by explaining the maximum period required for the purposes for which personal data are processed, personal data foreseen to be transferred to foreign countries and measures taken regarding data security. |
| Processing of Personal Data | Any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganising, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system. |
| Anonymisation of Personal Data | Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
| Deletion of Personal Data | Deletion of personal data; making personal data inaccessible and non-reusable in any way for the Relevant Users. |
| Destruction of Personal Data | The process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way. |
| Board | European and UK Data Protection Authority (ICO) supervisory authorities |
| ICO | UK Data Protection Authority |
| Electronic Media | Environments where personal data can be created, read, changed and written with electronic devices. |
| Non-Electronic Media | All written, printed, visual, etc. other media other than electronic media. |
| Sensitive Personal Data (Intimate Data) | Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. |
| Data Recording System | Recording system in which personal data are structured and processed according to certain criteria. |
| Employee | ZZGTECH staff. |
| Service Provider | A natural or legal person who provides services under a specific contract with ZZGTECH. |
| Online Visitor | Site visitors who visit ZZGTECH's website and whose cookie information is obtained |
| Customer | Legal and natural persons with whom ZZGTECH has an agreement and who benefit from ZZGTECH's services |
| Customer Contact Person | In cases where ZZGTECH is a data processor, natural persons who are the data controller of the Customer with whom ZZGTECH has an agreement and who are under the responsibility of ZZGTECH |
| SSL VPN | It is a virtual private network technology that provides secure access. |
ZZGTECH sets out the necessary measures and the process applied for the protection and processing of personal data in a concrete manner with this policy. In cases where this policy is incompatible with the relevant laws and regulations or if the policy is outdated in line with the updated legislation, ZZGTECH agrees to comply with the applicable legislation. According to the changes in laws, regulations and legislation, this policy is updated and revised in order for ZZGTECH to fulfil the legal requirements.
ZZGTECH processes the following personal data:
| Data Owner | Data Categories |
|---|---|
| Employees | Criminal records, bank and salary information, audio-visual records, legal files, contact information, identity information, log records, professional information, personal and health information |
| Employee Candidates | Photograph, credentials, contact details, professional and personal information |
| Employee Relatives | Name, surname and telephone number |
| Online Visitor | IP address, browser information, website logs (anonymised) and cookie information |
| Customers | Bank and financial information, legal documents, identity information, contact information, log records, complaint and support records, company and tax office information, service and offer information |
| Contact Person for Customers | Finance, visual and audio recordings, communication, transaction security, identity, location, customer transaction, personal data, cookie information |
| Partners | Bank and financial information, identity information, contact information, signature circular and power of attorney |
| Outsourced Employees | Bank and financial information, contact, log records, identity, personal and embezzlement information |
| Partner Employee | Identity, communication |
| Partner Officer | Identity, communication |
| Potential Customers | Identity, contact, log records, service content and offer information, company information |
| Potential Suppliers | Name, surname, title, contact and offer information |
| References | Name, surname, title, contact and company information |
| Supplier Employee | Name, surname, contact information |
| Supplier Authorised | Identity information, contact information, log records, bank and financial information, legal files, tax office information |
ZZGTECH processes personal data for the following purposes;
| Purpose of Data Processing | Data Subjects |
|---|---|
| Execution of Emergency Management Processes | Employee Relatives |
| Execution of Information Security Processes | Employees, Outsourced Employees |
| Execution of Application Processes of Employee Candidates | Employee Candidates, References |
| Fulfilment of Labour Contract and Legislative Obligations for Employees | Employees |
| Management of Disciplinary Processes | Employees |
| Execution of Training Activities | Employees, Outsourced Employees |
| Execution of Access Authorisations | Employees, Customers, Outsource Employees, Supplier Authorised |
| Execution of Activities in Accordance with the Legislation | Employees, Online Visitors, Customers, Outsource Employees |
| Execution of Finance and Accounting Affairs | Employees, Customers, Partners, Supplier Authorised |
| Ensuring Physical Space Security | Employees |
| Execution of Assignment Processes | Employees |
| Follow-up and Execution of Legal Affairs | Employees, Customers, Supplier Authorised |
| Execution of Communication Activities | Employees, Employee Candidates, Outsource Employees, Supplier Employees |
| Planning Human Resources Processes | Employees, Relatives of Employees, Outsourced Employees |
| Execution / Supervision of Business Activities | Employees, Partners, Outsource Employees, Partner Employee, Partner Officer |
| Execution of Occupational Health / Safety Activities | Employees |
| Receiving and Evaluating Suggestions for Improvement of Business Processes | Partner Employee, Partner Officer |
| Execution of Business Continuity Ensuring Activities | Employees, Outsourced Employees |
| Execution of Goods / Service Procurement Processes | Supplier Employee, Supplier Authorised |
| Execution of Goods / Services After Sales Support Services | Customers |
| Execution of Goods / Service Sales Processes | Customers, Partner Employee, Partner Officer |
| Execution of Goods / Service Production and Operation Processes | Customers, Customer Contact Person |
| Conducting Marketing Analysis Studies | Online Visitor |
| Execution of Contract Processes | Employees, Outsourced Employees |
| Follow-up of Requests / Complaints | Customers, Potential Customers |
| Ensuring the Security of Movable Property and Resources | Employees, Outsourced Employees |
| Execution of Supply Chain Management Processes | Potential Suppliers |
| Execution of Wage Policy | Employees |
| Execution of Marketing Processes of Products / Services | Customers, Potential Customers |
| Ensuring the Security of Data Controller Operations | Employees |
| Providing Information to Authorised Persons, Institutions and Organisations | Employees |
ZZGTECH processes personal data according to the following sub-processes;
| Unit | Process | Data Categories |
|---|---|---|
| IT Operations and Infrastructure | Access Authorisation Controls | Communication, Identity |
| User Support | Identity | |
| Mail Service | Communication, Identity | |
| Application Log Management | Communications, Log Records, Identity | |
| Remote Working | Communications, Log Records, Identity | |
| Obtaining Cookie Information | IP address, Browser information, Website logs (anonymised) | |
| Customer Accounts Management Process | Communication, Log Records, Identity | |
| Application Activation Process | Communication, Identity, Personality | |
| Software Deployment Process | Finance, Audiovisual records, Communication, Log Records, Identity, Location, Customer transaction, Personnel, Marketing | |
| Software Support Process | Contact, Identity, Customer Transaction, Personnel, | |
| Human Resources | Payroll Process | Finance, Contact, Identity, Personal, Health Information |
| Personnel File Creation Process | Criminal Record Information, Finance, Audio-visual records, Identity, Contact, Professional experience, Personal, Health information | |
| Disciplinary Process | Identity, Personal | |
| Education Process | Finance, Identity | |
| Legal Processes | Finance, Legal action, Communication, Identity, Personnel | |
| Recruitment Candidate Selection | Audiovisual records, Communication, Identity, Professional experience, Personnel | |
| Signature of Dismissal Documents | Finance, Communication, Identity, Personnel | |
| Consent Form Process | Identity | |
| Outsourced Employees | Finance, Communication, Identity | |
| Contract Process | Finance, Communication, Identity | |
| Receiving Commitments | Identity, Personal | |
| Embezzlement Processes | Identity, Personal | |
| Human Resources / Administrative Affairs | Purchasing Processes | Finance, Communication, Identity, Personnel |
| Business Development | Business Development Process | Communication, Identity |
| Financial Affairs | Finance Process | Finance, Communication, Identity, Personnel |
| Customer Operations | Finance, Communication, Identity, Personnel | |
| Supplier Operations | Finance, Communication, Identity, Personnel | |
| Sales Marketing | Sales Marketing Process | Contact, Log Record, Identity, Personality, cookie information |
| Obtaining Cookie Information | IP address, browser information, cookie information (anonymised) | |
| Senior Management | Execution of Legal Processes | Finance, Legal action, Communication, Identity |
| Software Development and R&D | Development of Artificial Intelligence Models | Audiovisual Records, Customer Processing, Marketing |
| Software Analysis Process | Communication, Identity | |
| Software Development Process | Log Records, Identity | |
| Software Testing Process | Communication, Identity |
ZZGTECH methods of obtaining personal data are set out below:
| Data Categories | Method of Obtaining |
|---|---|
| Criminal Records | Hand delivery, paper media |
| Finance Knowledge | Electronic records and paper forms, customer and supplier current cards, mail, hand delivery, invoice, stamp information, accounting programme, executive declarations, verbal declaration, payroll, personnel files, personnel employment contract, purchasing contracts, customer contracts, written declaration, software database |
| Audio and Visual Recordings | Hand delivery, job application site interface, mail, customer data sources, software database, HR Company |
| Legal Action | Enforcement correspondence, customer and supplier current cards, contracts, personal files |
| Contact Details | Electronic records and paper forms, visual, verbal declaration, IT application, customer and supplier current cards, support panel, mail, hand delivery, invoice, job application site interface, stamp information, accounting programme, release document, executive correspondence, employment document list form, customer and supplier contracts, written declaration, application panel, personnel files, personnel employment contract, project management application, social media platforms, software database, HR Company |
| Transaction Security Information | IT application, mail, application panel, project management application, oral statement, software database, website |
| Credentials | Electronic records and paper forms, visual, verbal declaration, IT application, mail, support panel, HR documents (disciplinary documents, defence letters, minutes, disclosure and explicit consents, embezzlement forms, release, consent and agreements, expense form, personnel leave form, executive paper, resignation letter), hand delivery, invoice, training attendance forms, job application site interface, stamps, accounting programme, recruitment document list form, paper media, business cards, customer and supplier contracts, application panel, customer and supplier current cards, personnel files, policy document, project management application, social media platforms, software database, HR Company |
| Location Information | Software database |
| Occupational Information | Hand delivery, job application site interface, mail, HR Company |
| Customer Transaction Information | Support panel, mail, customer data sources, software database |
| Personal Information | Electronic records and paper forms, visual, verbal declaration, current card, mail, contract, support panel, HR documents (disciplinary documents, defence letters, minutes, release document, resignation letter, notice of dismissal, personnel leave form, embezzlement forms), hand delivery, invoice, job application site interface, stamps, accounting program, application panel, personnel files, purchase contracts, written declaration, software database, HR Company |
| Marketing Information | Mail, customer data sources, software database, website, electronic registration forms |
| Health Information | Hand delivery |
ZZGTECH processes personal data due to legal obligations and to ensure business continuity. Your personal data; In the light of the principles stipulated in Article 5 of the GDPR, it is processed by obtaining explicit consent or in the cases specified in Article 5 of the GDPR. In data processing, it is essential to obtain explicit consent in case the requirements of the Law are not met.
The relevant laws regarding foreseen in the law are detailed in this policy.
Provided that adequate measures are taken; it is stipulated in the laws in terms of personal data of special nature other than health and sexual life, and in terms of personal data of special nature related to health and sexual life;
The legal grounds used by ZZGTECH to process data are detailed in the "Personal Data Inventory" document.
The GDPR regulations set out principles for the processing of personal data. ZZGTECH processes personal data in accordance with the determined principles.
The processing of personal data is carried out in accordance with the following principles;
Personal data of customers, suppliers and employees are processed in accordance with the basic principles stipulated in the GDPR, provided that public interest is observed. Within the scope of the personal data processing conditions and purposes specified in Section V of the GDPR, it may be shared with the following domestic and/or foreign related parties.
ZZGTECH carefully complies with the conditions regulated in the Law regarding the sharing of personal data with third parties, without prejudice to the provisions of other laws. Within this framework, personal data are not transferred to third parties without the explicit consent of the data subject. However, in the presence of one of the following conditions specified in the Law, personal data may be transferred without obtaining the explicit consent of the data subject:
Provided that adequate measures are taken; it is stipulated in the laws in terms of personal data of special nature other than health and sexual life, and in terms of personal data of special nature related to health and sexual life;
In the transfer of special categories of personal data, the conditions specified in the terms of processing of such data are complied with.
Domestic parties to whom personal data are transferred are detailed below;
| Related Party | Reason for Transfer | Transfer Method | Legal Basis |
|---|---|---|---|
| Contracted Banks | To be able to make profit distributions, to carry out the financial processes of partners and stakeholders, to deposit personnel salaries, | By mail, hand delivery, by mail using bulk instruction | Foreseen in the Law |
| Contracted Law Offices | User access logs can be shared with the contracted lawyer for contract control, resolution of possible disputes, execution of lawsuits related to the employee and employer, and in case of a legal request. In case of termination of the employment contract before the end of the advance repayment, the corporate lawyer can be informed. Execution of enforcement processes are shared with the enforcement office through contracted law offices. It is shared so that employees' legal objections or complaints can be evaluated. | Cargo, mail, media device | Foreseen in the Law Legitimate Interest Performance of Contract Fulfilment of Legal Obligation |
| Contracted Customers | Personal data obtained within the scope of the contract with the Contracted Customer, which is the Data Controller, must be visible to the customer | Software Offered to the Customer | Explicit consent obtained by the customer who is the Data Controller Performance of Contract |
| Contracted Suppliers | Shared in order to fulfil the terms of the agreement | Mail, Written Declaration | Open Consent Performance of Contract Legitimate Interest |
| Contracted HR Companies | Personal data can be shared in order to carry out outsourced employee employment processes | Open Consent Publicisation Performance of Contract Legitimate Interest |
|
| Authorised Courts | In case of a legal problem related to employees and in case of a legal request, user access logs are shared through the Contracted Law Office to be submitted to the court. In case of possible disputes with customers, employees and suppliers, they are shared with the competent courts through the corporate lawyer | By hand delivery through a contracted law firm or by media device | Foreseen in the Law Legitimate Interest Performance of Contract Fulfilment of Legal Obligation |
| Authorised Public Institutions and Organisations | It can be shared with the persons / institutions requesting for the continuity of the activities and operations of the institution. | Hand Delivery Photocopy, Mail, |
Foreseen in the Law |
| Advertising Publishers | On behalf of ZZGTECH and the Contracted Customer, cookie information and, where necessary, the relevant personal data of the Customer Contact Person are shared with the advertisement publisher for the promotion of products or services. | Cookie Forwarding, Client software, Ad Publisher API |
Open Consent Performance of Contract |
ZZGTECH can process personal data on foreign servers based on the agreement made with its customers who are Data Controllers, and data transfers can be made to Advertisement Publishers.
ZZGTECH is able to carry out its operations on overseas cloud systems while managing customer accounts, application activation processes and software distribution, development and testing processes.
In cases where foreign cloud use is required; security measures determined by the cloud service provider are applied. In addition, ZZGTECH has taken all technical measures that may be needed, especially data masking, hashing and authorisation limitations. The measures taken are detailed under the heading "Technical Measures".
Cookie information is received on the websites owned by ZZGTECH. Detailed information can be found in the Cookie Policy document on the website. The obligation to inform and the purposes of processing the personal data received are detailed in the Cookie Policy.
ZZGTECH uses mobile internet for internet access. ZZGTECH therefore does not process internet access logs.
System and application access logs of customers, suppliers and employees can be processed during the management of customer accounts, software distribution, application log management, remote working and software development processes. Authorisation restrictions have been made to prevent unauthorised access to logs. There is also a time stamp on the logs. In order to ensure remote access security, access is provided with VPN. In addition, static ip and mac addresses are checked. Detailed information can be found under the heading "Technical Measures".
The rights of personal data subjects specified in Part III of the GDPR are detailed below:
All employees of ZZGTECH take an active role in the implementation of the technical and administrative measures taken by the responsible units within the scope of the Policy. Measures are taken to ensure data security in all environments where personal data is processed in order to prevent unlawful processing and access of personal data by training and raising awareness of unit employees, monitoring and continuous supervision.
Personal data are securely stored by ZZGTECH in accordance with the law in the following environments;
| Electronic Media | Non-Electronic Media |
|---|---|
| Servers (Domain, application servers, database) Office applications Accounting practice Cloud system IT applications Telephone directories Information security devices (firewall, log file) Personal computers (desktop, laptop) Mobile devices (phone, tablet, etc.) Portable media (Usb, portable disc) Cookie information |
Paper Written, printed, visual media Folders Personal files Lockers of the units Job Application Forms |
ZZGTECH stores and destroys personal data belonging to Data Subject Main Category, employee, candidate employee, employee relative, reference, supplier employees, company partners, supplier and candidate supplier, customer candidate, online visitor, outsource employee, partner employee, partner company official, customer and customers' related persons in accordance with the Law.
Article 3 of the Law defines the concept of processing personal data. It is addressed in the GDPR that personal data should be linked, limited and proportionate to the purpose for which they are processed and should be kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed. Accordingly, ZZGTECH stores personal data within the framework of its activities for the period stipulated in the relevant legislation or in accordance with our processing purposes.
Your personal data are processed without the requirement of explicit consent based on the stipulation of the provisions of the law in force in the UK, legitimate interest, fulfilment of ZZGTECH's legal obligation, establishment of a right, publicisation and/or performance of the contract.
Personal data;
ZZGTECH takes all necessary technical and administrative measures to ensure the appropriate level of security required for the protection of personal data.
The measures taken by ZZGTECH to ensure the security of personal data are detailed in the sub-articles:
ZZGTECH carries out or has the necessary audits carried out to ensure personal data security. It ensures that internal audits are carried out to ensure the sustainability of personal data security. ZZGTECH provides controls according to ISO 27001 Information Security Management System and ISO 27701 Personal Data Management System standards to increase the efficiency of internal audits. It regularly performs penetration tests for technical vulnerabilities that may occur in the systems. The systems are regularly monitored by IT. When unlawful access or processing of personal data is detected in the audits, the DPO is informed.
ZZGTECH, in its contracts with third parties; It includes the necessary sanction clauses to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure the preservation of data. Confidentiality agreements are signed before sharing information with third parties. Necessary information is provided to third parties to raise awareness. In cases where third parties need to access the systems, audit trails related to access are kept.
Adequate measures must be taken for personal data of special nature both due to their nature and because they may lead to victimisation or discrimination. In Article 6 of the Law, personal data that have the risk of causing victimisation or discrimination when processed unlawfully are defined as "Special Categories".
These data include data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
ZZGTECH takes the necessary measures to protect personal data of special nature, which are determined as "special quality" by the Law and processed in accordance with the law. Sensitivity is shown for special quality personal data in technical and administrative measures taken to protect personal data.
Employees are informed about the use of special categories of personal data through policies and procedures. Sensitive personal data are not processed in the absence of the consent of the person. In cases where sensitive personal data may be processed, it is not shared with anyone other than 3rd party persons / organisations that have been informed and whose explicit consent has been obtained.
Necessary information is provided to employees in order to raise awareness to prevent unlawful processing of personal data, unlawful access to data and to ensure the preservation of data. Trainings are organised and their effectiveness is measured.
In case of changes in the relevant laws, regulations or legislation, the policies are revised and the relevant changes are re-announced to the personnel.
ZZGTECH destroys the personal data it obtains in line with the request of the personal data owners, if it is not mandatory to use it due to legal obligations, due to legal obligations or for the protection of public order and provided that it does not affect business processes. Personal data belonging to data owners are destroyed based on the decision to be taken by the organisation when the retention periods determined by the relevant laws expire or when the requirements for planning disappear in the event that the condition for the use of the relevant data disappears. Personal data that do not need to be stored on the dates determined by the DPO every year are destroyed by the following techniques in accordance with the legislation. Destruction operations are carried out in three different methods as deletion, destruction and anonymisation.
The methods of deletion of personal data are specified in the table below;
| Data Recording Environment | Description |
|---|---|
| Personal Data on Servers | For the personal data on the servers, deletion is made by the system administrator by removing the access authorisation of the relevant users for those whose retention period has expired. |
| Personal Data in Electronic Media | Personal data in the electronic environment, which expires from the personal data requiring storage, is rendered inaccessible and non-reusable in any way for other employees (relevant users) except the database administrator. In operational processes, personal data environments whose file has been finalised and completed are deleted in such a way that only the authorised administrator can access them. |
| Personal Data in Physical Environment | For personal data that expires from the personal data kept in the physical environment, it is made inaccessible and non-reusable in any way for other employees, except for the unit manager responsible for the document archive. In addition, the blackout process is also applied by scratching/painting/erasing in such a way that it cannot be read. |
| Personal Data on Portable Media | The personal data kept in Flash-based storage media and those whose period of retention has expired are encrypted by the system administrator and access authorisation is given only to the system administrator and stored in secure environments with encryption keys. |
Destruction of personal data is specified in the table below;
| Data Recording Environment | Description |
|---|---|
| Personal Data in Physical Environment | Those of the personal data in paper media, whose retention period has expired, are irreversibly destroyed in paper shredding machines. |
| Personal Data in Optical / Magnetic Media | Personal data contained in optical media and magnetic media that expire after the expiry of the period for which they are required to be retained shall be rendered physically unreadable in an irreversible manner. Destruction is carried out using the Destruction Record Form. |
Anonymisation of personal data means making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if the personal data is matched with other data.
In order for personal data to be anonymised; personal data must be rendered unassociable with an identified or identifiable natural person, even through the use of appropriate techniques for the recording medium and the relevant field of activity, such as the return of personal data by the data controller or third parties and / or matching the data with other data.
The retention periods for personal data processed by ZZGTECH within the scope of its activities, all personal data within the scope of the activities carried out depending on the processes are detailed in the Data Inventory document.
Retention periods have been determined by taking into account the laws to which ZZGTECH is subject, the provisions of the contract with the relevant parties and the periods required for ZZGTECH's operational activities.
Such retention periods are updated by the Personal Data Contact Person if necessary.
Personal data whose retention periods have expired are destroyed ex officio. The category-based maximum retention periods of personal data are as follows;
| Data | Data Owner | Storage Periods |
|---|---|---|
| Criminal Records | Employees | 10 years from the end of the employment contract |
| Finance Knowledge | Employees | 10 years from the end of the employment contract |
| Customers | 10 Years | |
| Customer Contact Person | 2 Years | |
| Partners | 10 Years | |
| Outsourced Employees | 10 years from the end of the employment contract | |
| Potential Supplier | 10 Years | |
| Supplier Authorised | 10 Years | |
| Audio and Visual Recordings | Employees | 10 years from the end of the employment contract |
| Employee Candidates | 1 Year | |
| Customer Contact Person | 10 Years | |
| Legal Action | Employee | 10 Years |
| Customers | 10 Years | |
| Supplier Authorised | 10 Years | |
| Contact Details | Employees | 10 years from the end of the employment contract |
| Employee Candidates | 1 Year | |
| Employee Relative | 10 years from the end of the employment contract | |
| Customers | 10 Years | |
| Customer Contact Person | 2 Years | |
| Partners | 10 Years | |
| Outsourced Employees | 10 years from the end of the employment contract | |
| Partner Employee | 10 Years | |
| Partner Officer | 10 Years | |
| Potential Customer | 5 Years | |
| Potential Supplier | 10 Years | |
| References | 1 Year | |
| Supplier Employee | 10 Years | |
| Supplier Authorised | 10 Years | |
| Transaction Security Information | Employees | 10 Years |
| Online Visitors | 2 Years | |
| Customers | 10 Years | |
| Customer Contact Person | 2 years from the end of the service contract | |
| Outsourced Employees | 2 Years | |
| Potential Customer | 5 Years | |
| Supplier Authorised | 2 Years | |
| Credentials | Employees | 10 years from the end of the employment contract |
| Employee Candidates | 1 Year | |
| Employee Relative | 10 years from the end of the employment contract | |
| Customers | 10 Years | |
| Customer Contact Person | 2 Years | |
| Partners | 10 Years | |
| Outsourced Employees | 10 Years | |
| Partner Employee | 10 Years | |
| Partner Officer | 10 Years | |
| Potential Customer | 5 Years | |
| Potential Supplier | 10 Years | |
| References | 1 Year | |
| Supplier Employee | 10 Years | |
| Supplier Authorised | 10 Years | |
| Location Information | Customer Contact Person | 2 years from the end of the service contract |
| Occupational Information | Employees | 10 years from the end of the employment contract |
| Employee Candidates | 1 Year | |
| Customer Transaction Information | Customers | 2 years from the end of the service contract |
| Customer Contact Person | 10 Years | |
| Personal Information | Employees | 10 years from the end of the employment contract |
| Employee Candidates | 1 Year | |
| Customers | 10 Years | |
| Customer Contact Person | 2 years from the end of the service contract | |
| Partners | 10 Years | |
| Outsourced Employees | 10 Years | |
| Potential Customer | 5 Years | |
| References | 1 Year | |
| Supplier Authorised | 10 Years | |
| Marketing Information | Customer Contact Person | 10 Years |
| Customer | 5 Years | |
| Potential Customer | 5 Years | |
| Online Visitors | 2 Years | |
| Health Information | Employees | 10 years from the end of the employment contract |
You can realise your rights regarding your personal data within the scope of GDPR by using the following methods;
Data Controller: ZZGTECH LTD
Data Protection Officer (DPO): Rugül ÇINAR- [email protected]
You can make your personal data applications by filling out the Personal Data Application Form document. Clarification application methods are as follows;
| Method | Contact Details | Description |
|---|---|---|
| Hand Delivery | 124 City Road, London, United Kingdom, EC1V 2NX | During the hand delivery of the Personal Data Application Form, please have one of the documents indicating your identity such as driving licence, identity card, passport, etc. with you. |
| [email protected] | After the Personal Data Application Form is sent to us by e-mail, identity verification can be made by checking the systems or by contacting us to confirm your identity information. |
Personal data applications will be accepted following the identity verification to be made by us, and the relevant persons will be answered in writing or electronically within the legal periods.
About SignalSight
SignalSight is an experienced tech solution who strives
to connect brands with their customers like never before.