Personal Data Storage

Personal Data Storage and Disposal Policy
The objective of this policy is to set forth the principles and procedures regarding the processing and protection of personal data as well as the deletion, disposal and anonymization of such processed personal data in compliance with the applicable legislations, which constitute the legal basis of this policy.
The scope of applicability of this policy encompasses the personal data of the staff members, staff member candidates, officers and visitors of Artrec Filter, and the employees and the officers of the third parties, with whom Artrec Filter cooperates, as well as any other third party, which are processed fully or partially automatically or through non-automatic means as a part of any data recording system.
Accordingly; the groups of data owners mentioned above may be subject to the applicability of the entirety or only certain provisions of this Policy.
This Policy has been issued on the basis of the Code No. 6698 on the Protection of Personal Data, the Regulation No. 30286 on the Registry of Data Controllers, and the Regulation No. 30224 on the Deletion, Disposal or Anonymization of Personal Data.
The applicable legislations in force shall be attached priority in terms of applicability in respect of the processing, protection and disposal of personal data. Artrec Filter hereby agrees that, in the event of any conflict between the applicable legislations and this Policy, the applicable legislations in force shall be applicable.
Definitions  
The following terms shall have the meanings set forth below for the purpose of the enforcement of this Policy;
Recipient group: The group of natural persons or legal entities, to whom the personal data are transferred by the data controller;
Concerned user: Any person, who processes personal data as a part of the data controller’s organization or in accordance with the powers delegated and instructions placed by the data controller, except for any person or unit, who or which is responsible for the storage, protection and back-up, technically, of data;
Disposal: The deletion, disposal or anonymization of personal data;
 Code: Code No. 6698 on the Protection of Personal Data;
Recording media: Any medium, where the personal data are processed fully or partially automatically or through non-automatic means as a part of any data recording system.
Personal data: Any information or data that is related to an identified or identifiable natural person;
Personal data owner: The natural person, whose personal data are processed;
Processing of personal data: Any operation, which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system;
Personal data processing inventory: The inventory, which is created by the data controllers by way of the association of the personal data processing activities that are carried out thereby with the purposes of processing of personal data, the data categories, the recipient groups and the groups of persons, being the subject matter of the data, and within which the maximum duration as necessary for the purposes, for which the personal data are processed, the personal data, which are contemplated to be transferred to foreign countries, and the precautions taken in respect of data security are detailed and described thereby;  
Board: The Personal Data Protection Board;
Authority: The Personal Data Protection Authority;
Personal data of private nature: The data related to the persons’ race, ethnic origin, political view, philosophic belief, religion, sect or other beliefs, appearance and dressing, affiliation to associations, foundations or trade unions, health, sexual life, conviction and safety precautions as well as biometric and genetic data;
Periodical disposal: The deletion, disposal or anonymization, which shall be conducted automatically on a periodical and recurrent basis as specified within the personal data storage and disposal policy in the cases, where all of the requirements for the processing of personal data as set forth within the Code cease to be satisfied;
Policy: This Policy, on which the data controllers base the identification of the maximum period of time as necessary for the purpose, for which the personal data are processed, and the deletion, disposal and anonymization of the personal data;
Registry: The registry of data controllers that is maintained by the Personal Data Protection Board;
Data processor: Any natural person or legal entity, who or which processes personal data on behalf of the data controller on the basis of the power delegated thereby;
Data recording system: Any recording system, through which personal data are processed by structuring according to specific criteria;
Data controller: A natural person or legal entity, who or which determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the filing system.
Any term not defined herein shall have the meaning that is ascribed thereto within the Code.
1.  PRINCIPLES APPLICABLE FOR ARTREC FİLTER
1.1.     Disclosures to and Information of the Personal Data Owner
Artrec Filter makes disclosures to the personal data owners during the collection of personal data. Accordingly; Artrec Filter shall disclose to the personal data owner the purposes, for which the personal data are to be processed, the parties, to whom the processed data are to be transferred, and the purpose of such transfers, the method of collection of personal data and the legal reasons for the same as well as the rights of the personal data owner as provided by the Code.
The rights of the personal data owner also include the right to "request information". Artrec Filter shall inform the personal data owner as necessary and appropriate should the personal data owner so request.
Artrec Filter declares to the personal data owners and the concerned parties by way of various public documents, primarily including this Policy, that it processes personal data in compliance with the law and the principle of integrity, and ensures that the concerned parties are informed as appropriate in respect and through the course of the personal data processing activities, and accordingly, ensures accountability and transparency.
1.2.    Protection of the Rights of Personal Data Owners
Artrec Filter maintains the channels, internal operation, administrative and technical regulations as necessary in compliance with the Code for the assessment of the personal data owners and the information as necessary of the personal data owners.
In the event any personal data owner files a request with Artrec Filter regarding any of the rights thereof as provided below; Artrec Filter shall meet such request as soon as practicable depending on the nature of request but in any case not later than 30 days. In the event the actions to be taken in order to meet any such request require any extra or additional cost, Artrec Filter shall charge the fee as per the rate tariff set forth by the Board. Personal data owners have the right to:
  • Learn whether or not the respective personal data of the relevant personal data owner have been processed;
  • Request information as to processing if the respective personal data of the relevant personal data owner have been processed;
  • Learn the purpose of processing of the respective personal data of the relevant personal data owner and whether data are used in accordance with their purpose;
  • Know the third parties based at home or in abroad, to whom the respective personal data of the relevant personal data owner have been transferred;
  • Request notification of the operations performed as a consequence of such requests as rectification, deletion and disposal to third parties to whom the respective personal data of the relevant personal data owner have been transferred, in the cases where the respective personal data of the relevant personal data owner have been processed incompletely or inaccurately;
  • Request the respective personal data of the relevant personal data owner to be deleted or disposed in the event the reasons that may have required the processing of the respective personal data of the relevant personal data owner in spite of the fact that they have been processed in compliance with the Law and other applicable laws and regulations, and request notification of the relevant operation to third parties to whom the respective personal data of the relevant personal data owner have been transferred;
  • Object to occurrence of any result that is to her/his detriment by means of analysis of the respective personal data of the relevant personal data owner exclusively through automated systems;
  • Request compensation for the damages in case the person incurs damages due to unlawful processing of the respective personal data of the relevant personal data owner.
In order to exercise their respective rights provided above, the personal data owners should communicate their requests to Artrec Filter "in writing" or by way of the other methods contemplated by the Code. The Board has not specified any other method yet, on which account the personal data owners are, currently, required to file their requests in writing.
In the event the data owners also deliver their personally identifiable information to Artrec Filter while filing and along with the filing of their requests in writing, they shall be responded rapidly and effectively. In the event any data owner requests to exercise any of her/his respective rights as mentioned above, s/he may send or deliver such written in writing along the documents that allow for the identification of herself/himself to the head office of Artrec Filter, which is situated at Ferhatpaşa Mah. Yedpa Bul. 11. Sok. No:21 Ataşehir – Istanbul Turkey by hand, through the agency of a notary public or in secure electronically signed format.
1.3.    Recording Medium Where Personal Data Are Stored and Are to Be Disposed
Any medium, where the personal data, which have been obtained by Artrec Filter and which are processed fully or partially automatically or through non-automatic means as a part of any data recording system, are stored, is considered and referred to as a recording medium. Any and all personal data that are held by and in the possession of Artrec Filter are kept and stored on the respective systems thereof, which are mentioned below and the security of which is ensured in the maximum extent.
The personal data of the data owners are stored securely by Artrec Filter in the media listed below in compliance with the applicable legislations in force, primarily including the provisions of the CPPD, and in accordance with the international data security principles.
Electronic media:
• Exchange Server
• Ms Office 365
Physical media:
• Cabinets of each unit
• Archiving
1.4    Security of Personal Data
    Considering the business operations carried out thereby, Artrec Filter attaches the utmost importance and priority to the protection of personal data.  Artrec Filter takes any and all legally, technically and administratively required precautions in order to ensure and maintain data security, and acts with the utmost care and in the utmost diligence on the matter.
    The staff members of Artrec Filter have been informed that they shall not disclose any personal data, which they may learn or obtain, to others in breach of the applicable provisions of the Code, and that they shall not make use of such data for any other purpose than the intended and specified purpose of processing of the same, and that the said obligations thereof shall remain in full force and effect even after their resignation or dismissal from their position within the organization of Artrec Filter, and their warranties on the mentioned matters have been obtained as necessary and appropriate.
    Artrec Filter also raises the awareness of its business partners, suppliers and the like third parties in respect of the prevention of the unlawful processing of personal data, the prevention of unlawful access to personal data and the storage of the personal data in compliance with the applicable law. The processing, protection and storage of personal data also by and at the counters of the third parties, with whom Artrec Filter maintains business relations, have been arranged and regulated on contractual basis with such third parties, and the reason for the processing of such personal data has been accorded with the operations carried out with the third parties.
    Artrec Filter conducts any and all required audits and procures the same to be conducted within its own organization. In the cases, where it is established as a result of the audits conducted that the precautions taken should be improved; Artrec Filter promptly takes the necessary actions.
    In the event the personal data are captured and/or obtained through illegal or unlawful means by others in spite of the taking of all general, technical and administrative precautions specified below; Artrec Filter fulfills its obligation to notify the respective data owner and the Board of such incident as soon as practicable.  
1.5.    General Precautions to Be Taken in Order for the Secure Storage and the Prevention of Unlawful Processing of and Illegal Access to the Personal Data
The personal data are processed by Artrec Filter in strict compliance with the principles and procedures provided by the Code and the other applicable legislations. Artrec Filter observes the following principles through the course of its processing of personal data:
Compliance with the law and the principles of honesty
Artrec Filter acts in compliance with the guidelines contemplated by the applicable legislations regarding the processing of personal data and the principles of honesty. Giving due consideration to the requirements of proportionality with regards to the processing of personal data, Artrec Filter avoids using the personal data in any such extent that is beyond the achievement of the relevant purpose.
Accuracy and, where necessary, currency,
Artrec Filter takes into consideration the fundamental rights and interests of the personal data owners, and ensures the accuracy and currency of the personal data processed thereby. To that end, Artrec Filter also takes the necessary and appropriate precautions.
Processing of data for specific, clear and legitimate purposes,
Artrec Filter identifies and sets forth its purposes of processing personal data, which are specific, clear and legitimate, and processes personal data in connection with and only in such limited extent that is necessitated by the services provided thereby. Artrec Filter sets forth and declares the purposes of processing of personal data prior to the commencement of such processing.
Relation to the purpose of processing, limitedness and proportionality of the data processed
Artrec Filter processes personal data in such manner that is sufficient and convenient for the accomplishment of the purposes identified and set forth. Accordingly, Artrec Filter avoids processing such personal data that are not related to the accomplishment of the purpose of processing of personal data or that do not need to be processed for such purpose.
Retention for the period as prescribed by the applicable regulations or as necessary for the relevant purpose of processing.
Artrec Filter retains the personal data for such period that is prescribed by the applicable regulations or is necessary for the relevant purpose of processing. Accordingly; Artrec Filter observes the period that is prescribed by the applicable regulations for the retention of personal data if any such period is prescribed, and if any such period has not been prescribed by the applicable regulations, it retains the personal data for such period that is necessary for the processing of the same. Once the prescribed period expires or in the event the processing of the personal data is no longer required; the personal data are deleted, disposed or anonymized by Artrec Filter.    
1.6.    Technical and Administrative Precautions to Be Taken in Order for the Secure Storage and the Prevention of Unlawful Processing of and Illegal Access to the Personal Data
Artrec Filter is aware that it is obliged to take any and all technical and administrative precautions as necessary to ensure the appropriate level of security in order to
Prevent the unlawful processing of the personal data,
Prevent the unlawful access the personal data,
Ensure the protection of the personal data,
and acts with the utmost care and in the utmost diligence in that regards.
In the event any personal data held in the possession of Artrec Filter is processed by any other natural person or legal entity; Artrec Filter shall be jointly responsible with such person or entity in respect of the taking of the precautions specified above.
As a matter of fact; Artrec Filter is aware that it is obliged to conduct any and all such audits as necessary to ensure the enforcement as appropriate of the Code and the relevant legislations and to procure the conduct of such audits, and takes necessary actions to that end.
2.         PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
2.1.    Requirements for the Processing of Personal Data
The processing of personal data requires the explicit consent of the person, whose data are intended to be processed. Explicit consent is only one of the legal requirements for the processing of personal data. Apart from the explicit consent, personal data may be processed in the event of the occurrence of any one or several events.  Artrec Filter may process the personal of a person without the explicit consent of such person in the event of the satisfaction of any one or several of the following requirements.
a) Explicit consent: The explicit consent of the owner of the personal data should be declared as a result of an informed decision and with the free will of the concerned person. Accordingly; Artrec Filter shall obtain the explicit consent of the owner of the personal data for the processing of the respective personal data thereof.
b) Explicit contemplation by applicable laws: In the event the processing of the personal data of the data owner may be processed lawfully by Artrec Filter should such processing be contemplated explicitly by applicable laws.
c) Failure to obtain the explicit consent of the concerned person on account of actual impracticability: In the cases, where it is strictly obligatory for the processing of the data of a person, who is physically unable or incapable to express her/his consent or whose consent is legally not considered valid, in order for the protection of the life or physical integrity of such person or any other individual; the personal data of such data owner may be processed. For example; Artrec Filter may disclose the blood type of a staff members thereof, who has an heart attack, to the physicians.
d) The processing of personal data being directly connected to the execution or the performance of a contract: The personal data of the parties of a contract may be processed, provided that such processing is directly connected to and necessary for the execution or the performance of a contract.
e) Artrec Filter’s fulfillment of its legal obligations: In the cases, where the processing of data represents a strict requirement for Artrec Filter to fulfill the respective legal obligations thereof, the personal data of the data owner may be processed.
f) Disclosure to public by data owner of her/his personal data: In the cases, where the data owner discloses her/his personal data to the public; such personal data may be processed.
g) The processing of data representing a strict requirement for the creation, exercise or the protection of a right: In the cases, where the processing of data represents a strict requirement for the creation, exercise or the protection of a right; the personal data of the data owner may be processed.
h) The processing of data representing a strict requirement for the preservation and maintenance of the legitimate interests of Artrec Filter: In the cases, where the processing of data is strictly required to preserve and maintain the legitimate interests of Artrec Filter; Artrec Filter may process the personal data provided that the fundamental rights and freedoms of the data owner not be prejudiced.
2.2.    Requirements for the Processing of the Personal Data of Private Nature
Artrec Filter does not process the personal data of private nature without the explicit consent of the owners of such personal data. The personal data of private nature other than those, which are related to health and sexual life, may be processed without seeking the explicit consent of the concerned person. The data related to health and sexual life may be processed without the explicit consent of the concerned person only by such persons or competent authorities, who or which are bound by confidentiality obligation, for the purpose of the protection of public health, preventive medicine, medical diagnosis, performance of treatment and healthcare services and the planning and management of healthcare services and the financing of the same.
In respect of the processing of personal data of private nature; Artrec Filter also takes such required precautions that are identified and set forth by the Board.
2.3.    Transferring Personal Data
Artrec Filter transfers the personal data and the personal data of private nature of the owners of the personal data to third parties with due consideration of the nature of its business operations carried out thereby, provided that it takes the appropriate security precautions required by the Code and the applicable legislations in line with the purposes of processing of personal data.
Artrec Filter also transfers personal data to such foreign countries, which have been declared by the Board to have adequate protection, ("Foreign Country with Adequate Protection") or to such foreign countries, where adequate protection is not in place but in respect of which the data controllers in Turkey and in the such foreign countries have warranted to ensure adequate protection and transfer of personal data to which has been authorized by the Board, ("Foreign Country Where Data Controller Warranting Adequate Protection Resides"). In that regards, Artrec Filter acts in compliance with the requirements of the Code.
2.5.    Data Processing Activities at the Entrance to and Inside the Workplace and Website Visitors
    Artrec Filter conducts video surveillance in order to ensure workplace safety and carries out personal data processing activities in order to monitor the entrances and exits by the guests at the Artrec Filter’s workplaces. By way of conducting video surveillance and keeping logs of entrances and exits of guests, Artrec Filter is deemed to carry out personal data processing activities. Through the course of such processing of personal data, Artrec Filter acts in compliance with and observes the requirements of any and all applicable acts, codes and legislations, primarily including the Constitution.
    Artrec Filter conducts video surveillance at the workplace for the purposes of improving the quality of the services offered thereby, ensuring and maintaining the security of the visitors of Artrec Filter and other relevant persons and protecting the interests of the visitors in relation to the services procured thereby.
    The footages of such video surveillance, which are recorded and stored digitally within the organization of Artrec Filter, are accessible only by a limited number of Artrec Filter staff members. Live footage of the video surveillance can be viewed externally by the security guards of the contracted external security service provider. The limited number of Artrec Filter staff members, who may access to the video surveillance footage, represent under the deed of confidentiality that they shall maintain the confidentiality of the data accessed thereby.
    Such personal data as the full names of the persons, who visit the workplaces of Artrec Filter as guests, are obtained for the purpose of the monitoring of entrances and exits of the guests, on which account the said data are processed or the relevant personal data are recorded to the data recording system in a physical medium solely for the specified purposes. The records of the guests are kept by the security guards of the contracted external security service provider of Artrec Filter. The contracted external security service provider is procured to submit a representation suggesting that it shall maintain the confidentiality of the data of the guests, which are accessed thereby.
3.     PRINCIPLES REGARDING THE DELETION, DISPOSAL OR ANONYMIZATION OF PERSONAL DATA
3.1.    Principles Regarding the Deletion, Disposal or Anonymization of Personal Data
In the cases, where all of the requirements for the processing of personal data; Artrec Filter fulfills its obligations for regarding the deletion, disposal or anonymization of personal data either on its own motion or upon the request of the concerned person.
Artrec Filter acts in compliance with the general principles and the technical and administrative precautions specified within this Policy, the provisions of the applicable legislations, the resolutions of the Board and the personal data storage and disposal policy through the course of deletion, disposal and anonymization of personal data.
Records of any and all actions taken in respect of the deletion, disposal and anonymization of personal data by Artrec Filter shall be kept, and are retained for a period not shorter than three years except for the cases where legal obligations require otherwise.  
Unless resolved otherwise by the Board, Artrec Filter, acting at its discretion, shall delete, dispose of or anonymize the personal data as it deems appropriate on its own motion. Artrec Filter shall select the appropriate action, whether that is deletion, disposal or anonymization, by way of explaining its reasoning for such selection upon the request of the concerned person.
3.2.    Deletion of Personal Data
Deletion of personal data is the action of rendering the personal data strictly and conclusively inaccessible and non-reusable by relevant users. Artrec Filter takes any and all technical and administrative precautions as necessary and appropriate to render the deleted personal data strictly and conclusively inaccessible and non-reusable.
3.3.    Disposal of Processing of Personal Data
    Disposal of personal data is the action of rendering the personal data strictly and conclusively inaccessible, non-retrievable and non-reusable by relevant users. Artrec Filter takes any and all technical and administrative precautions as necessary and appropriate in respect of the disposal of personal data.
3.4.    Anonymization of Personal Data
    The anonymization of personal data is the action of modification of the nature of personal data in such manner that they can no longer be associated to an identified or identifiable natural person even by way of matching with other data. The anonymization of personal data requires the modification of the nature of the personal data in such manner that it can no longer be associated to an identified or identifiable natural person even by way of the employment by the data controller, the recipient or the recipient groups of such techniques as restoration or matching with other data that are suitable for the recording medium and the relevant field of activity.
Artrec Filter takes any and all technical and administrative precautions as necessary and appropriate in respect of the anonymization of personal data.
3.5.    Methods to Be Employed for the Deletion, Disposal or Anonymization of Personal Data
    Artrec Filter shall delete, dispose of and/or anonymize the personal data held in its possession by way of employing the methods set forth below.
Cloud Application Solutions (Office 365, etc.)
Artrec Filter shall delete the data stored in cloud applications by way of issuing a delete command. While issuing such command, Artrec Filter shall particularly make sure that the relevant user does not have the authority to retrieve deleted data through the cloud system.
Personal Data Stored in Printed Form
Artrec Filter shall delete the data stored in printed form by way of blanking. Blanking is performed by way of trimming, where practicable, of the personal data on the relevant document or, where trimming is not practicable, by way of rendering such data invisible for the relevant user through the employment of indelible ink in such matter that such application cannot be undone and the content so blanked cannot be read by way of technological solutions.
Office Files Stored on the Central Server
The file should be deleted by way of issuing a delete command on the operating system or the access authorization of the relevant user on the file or the directory, on which such file is kept, should be revoked. While taking such action, Artrec Filter shall make sure that the relevant user is not also a system administrator.

Personal Data Stored on Portable Media
Artrec Filter stores the personal data on flash-based storage media in encrypted form, and shall delete the same, using suitable software for such media.
Databases
Artrec Filter shall delete the relevant lines that contain personal data by way of issuing the appropriate database commands (DELETE etc.). While taking such action, Artrec Filter shall make sure that the relevant user is not also a database administrator.
3.6.    Periods for the Deletion, Disposal or Anonymization of Personal Data
Artrec Filter deletes, disposes of or anonymizes the personal data as a part of the first immediate periodical disposal action that follows the date, on which the obligation to delete, dispose of or anonymize the personal data arises.
The period for the deletion, disposal or anonymization of personal data by Artrec Filter is 30 days as of the date, on which the obligation to delete, dispose of or anonymize the personal data arises. Such period may be extended by no longer than 30 days in imperative situations.
Artrec Filter agrees that the Board may shorten the specified periods in the event of the possibility of the occurrence of irreparable losses and damages and the occurrence of unlawfulness.
3.7.    Data Owner’s Request for the Deletion and Disposal of the Personal Data Thereof
The Data Owner shall file her/his requests for the enforcement of the Code with Artrec Filter in writing or by other methods that the Board may specify.
Artrec Filter shall meet such request as soon as practicable depending on the nature of request but in any case not later than 30 days. However; In the event the actions to be taken in order to meet any such request require any extra or additional cost, Artrec Filter may charge the fee as per the rate tariff set forth by the Board.
Artrec Filter shall either accept any such request or reject the same, stating the reasons for such rejection, and communicate its reply to the concerned person in writing or electronically. In the event the request filed is accepted, Artrec Filter shall take the appropriate action for the satisfaction of such request. In the cases, where the request is filed on account of a fault or negligence of Artrec Filter; the fee charged shall be refunded.
3.8.    Periods for Deletion and Disposal of Personal Data upon Request by the Data Owner
In the event the Data Owner files a request with Artrec Filter on the basis of the Policy for the deletion or disposal of her/his personal data;
a) If all of the requirements for the processing of personal data have ceased to be satisfied, Artrec Filter shall delete, dispose of or anonymize the personal data, being the subject matter of the relevant request. Artrec Filter shall, in that case, conclude the actions for the satisfaction of the request of the concerned person within not later than 30 days, and inform the concerned person on the matter.
b) If all of the requirements for the processing of personal data have ceased to be satisfied and the personal data, being the subject matter of the relevant request, have been transferred to third parties; Artrec Filter shall notify the relevant third party of such request, and shall procure the necessary action under the Regulation on the Deletion, Disposal or Anonymization of Personal Data to be taken at the counters of the relevant third party.
c) If all of the requirements for the processing of personal data have not ceased to be satisfied; Artrec Filter may reject such request, explaining the reasons for such rejection, under this Policy, and the rejection shall be communicated to the concerned Data Owner in writing or electronically within not later than 30 days.  
TABLE OF RETENTION AND DISPOSAL PERIODS
PROCESS RETENTION PERIOD DISPOSAL PERIOD
Shareholders’ Assembly Actions 10 years Within 180 days from the date of expiration of the retention period
Processes on preparation of documents for tenders/ workplace opening/ ministries/undersecretariats 10 years Within 180 days from the date of expiration of the retention period
Replying to inquiries by courts/ enforcement offices in relation to staff members 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Contracts executed with third parties 10 years Within 180 days from the date of expiration of the retention period
Employment 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Payrolling 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Private health and personal accident insurance for staff members 1 years Within 180 days from the date of expiration of the retention period
Allocation of vehicles to staff members 1 years Within 180 days from the date of expiration of the retention period
Occupational health and safety practices 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Recording/ Monitoring Systems 1 years Within 180 days from the date of expiration of the retention period
Information regarding shareholders and directors 10 years Within 180 days from the date of expiration of the retention periodWithin 180 days from the date of expiration of the retention period
Payment transactions 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Staff Financing Processes 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Retention of a section of the contract process and the contract 10 years from the date of termination of employment Within 180 days from the date of expiration of the retention period
Accident Reporting 10 years Within 180 days from the date of expiration of the retention period
Sharing of meeting notes with attendees 10 years Within 180 days from the date of expiration of the retention period
Filing of any kind of documents 10 years Within 180 days from the date of expiration of the retention period
Filing of training logs and records 10 years Within 180 days from the date of expiration of the retention period