KVKK Clarification Text

CLARIFICATION TEXT ON PERSONAL DATA PROCESSING AND PROTECTION

* This is an English translation. In case of any difference in meaning between the original Turkish text and the English translation, the Turkish text shall apply.

 

This Clarification Text on Personal Data Processing covers the data of internet users who visit the website of TOBB University of Economics and Technology Laboratory Schools at the kolej.etu.edu.tr.

 

TOBB University of Economics and Technology Laboratory Schools (“Institution”) as the data processor/controller, present herein clarification text (“Clarification Text”) in order to inform you considering the Personal Data Protection Law No. 6698 (“KVKK”) and Communiqué on the Procedures and Principles to Follow the Liability of Clarification as published in the Official Gazette No. 30356, dated March 10th, 2018.

In the framework of Article 10 of the KVKK titled “Obligation of Data Controller to Inform”, Article 11 of the KVKK titled “Rights of The Data Subject”, and Articles 4 and 5 in the Procedures and Principles to Follow the Liability of Clarification, it is aimed to provide information about the purposes of processing personal data (“Processing of personal data” means any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof” KVKK, Article 3(e)), the processed personal data can be transferred to whom and for what purpose, collection method and legal reason of personal data, and other rights listed in the Article 11 of the KVKK titled “Rights of The Data Subject”.

-Which personal data is collected?

The “browser information”, “IP address”, “in-site access log records” of the users who access through “kolej.etu.edu.tr”; in case of filling out the form at “https://kolej.etu.edu.tr/iletisim”, “name and surname”, “e-mail address”, “phone number”, and “the message you want to send” are collected. 

-For what purpose is personal data processed, and with whom it is shared?

Personal data processed and shared:

In the presence of legal obligations or conditions of Articles 8 and 9 of the KVKK (“Transfer of personal data” and “Transfer of personal data abroad”), personal data is limitedly and measuredly processed and shared under the the law and honesty, within the principles of being accurate and up-to-date, specific, clear, and legitimate.

In the situations when keeping user access records of kolej.etu.edu.tr by “Institution” as a necessity of Law on Regulation of Broadcasts via Internet and Prevention of Crimes Committed Through Such Broadcasts Law No. 5651, and when contacting the relevant person because of taking a message via https://kolej.etu.edu.tr/iletisim personal data is processed and shared.

In the presence of legal dispute, investigation, juridical or administrative audit, and in other cases, such as exercise of the right of legal defense of “Institution” and responding to other official or legal information and document request.

 

Gaining access to personal data is only permitted to public institutions or organizations authorized to request such data as required by a legal obligation; persons who are employees of the “Institution” and need access to perform their jobs; and third parties who have a legitimate purpose for accessing them.

-What is the method of collecting and processing personal data?

The “browser information”, “IP address”, “in-site access log records” of the users are automatically collected via cookies when you first log in to kolej.etu.edu.tr. “Name and surname”, “e-mail address”, “phone number”, and “the message you want to send” are collected in case of filling out the form at “https://kolej.etu.edu.tr/iletisim”. The collected data is processed by digitally recording it in the information system, storing it on a physical and cloud server, and creating a database in automatic or non-automatic ways.

-What is the purpose and legal basis of data processing?

Personal data is processed based on Article 5/2 of the KVKK and visits to our website through the kolej.etu.edu.tr to carry out the announcement and communication activities, execute access authorization, and ensure the security of Data Controller operations.

-What precautions are taken regarding data protection?

The “Institution” takes the necessary technical and administrative measures to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, and extermination of data. The “Institution” undertakes to keep personal data confidential, take all necessary technical and administrative measures to ensure confidentiality and security, and take necessary care.

 

Even if the “Institution” takes the necessary precautions for information security, in the situations that personal data is damaged or stolen by third parties due to attacks on the website, the situation is immediately notified to the data owners and the Personal Data Protection Authority.

 

Individuals who share their personal data with the “Institution” accept and declare that the responsibilities arising from the accuracy of the information for the rights they have over their personal data and other legislation within the scope of Personal Data Protection Law No. 6698.

 

You can submit changes and/or updates via kolejiletisim@etu.edu.tr regarding your personal data you have shared.

-How are the data deleted?

Personal data processed for the purposes specified in this “Clarification Text” are erased, destructured, or anonymized by the “Institution” when the purpose that requires processing for Article 7 of the KVKK disappears and the periods determined by the Laws end. Additionally, the process is carried out with or without a request according to the Personal Data Retention and Disposal Policy of the “Institution”.

-What are the possessed rights about the data?

Each person has the right to request to the data controller about him/her; (a) to learn whether his/her personal data are processed or not, (b)to demand for information as to if his/her personal data have been processed, (c)to learn the purpose of the processing of his/her personal data and whether these personal data are used in compliance with the purpose, (ç) to know the third parties to whom his personal data are transferred in country or abroad, (d)to request the rectification of the incomplete or inaccurate data, (e)to request the erasure or destruction of his/her personal data under the conditions referred to in Article 7 of KVKK, (f) to request reporting of the operations carried out pursuant to sub-paragraphs (d) and (e) to third parties to whom his/her personal data have been transferred, (g) to object to the occurrence of a result against the person himself/herself by analyzing the data processed solely through automated systems, (ğ) to claim compensation for the damage arising from the unlawful processing of his/her personal data.