LPPD Privacy Notice

Koc University (“University”) occasionally stores and lawfully processes your data considered as “personal data” within the scope of the Law on Protection of Personal Data No: 6698 (the “LPPD”). In this manner, we would like to inform you, in accordance with the LPPD and relevant regulations, regarding how and for which purposes personal data is processed by our University bearing the title “data controller” in accordance with the LPPD, and the technical and administrative measures taken in order to protect your personal data.

  1. Principles Relating to Processing of Personal Data

Personal data is processed in the light of the principles below:

  1. Lawfulness, fairness and transparency.
  2. Accuracy and where necessary, keeping up to date.
  3. Processing for specified, explicit and legitimate purposes.
  4. Adequacy, relevancy and limitation to what is necessary in relation to the purposes for which they are processed.
  5. Storing only as long provisioned by relevant regulations or necessary for the purposes for which they are processed.
  1. Obligation to inform

Article 10 of the LPPD imposes an obligation on the data controllers to inform those whose personal data are processed whilst obtaining their consent in this regard and requires the data subjects to be informed. University, bearing the title ‘data controller’ in accordance with the relevant provision must inform the data subjects regarding:

  1. the identity of the data controller,
  2. the purposes for which the personal data are processed,
  3. to whom and for what purposes the processed personal data may be transferred,
  4. the methods and the legal grounds for the collection of personal data,
  5. the rights which the data subject may exercise against the data controller in accordance with Article 11 of the LPPD.

As University, we are informing all our personnel regarding the processing and protection of personal data in accordance with Article 10 of the LPPD with this Privacy Notice.

  1. Data Controller

Article 3/1(ı) of the LPPD defines data controller as “Real or legal persons who determine the purposes and means of processing personal data, who are responsible for the establishment and management of the data registry system” and within this framework, University bears the title of data controller.

  1. What Personal Data Can Be Processed?

Your personal data may be collected via this platform varies according to purposes mentioned below. Although your personal data may vary depending on the relationship between you and our University, it may be collected verbally, in writing, or electronically by automatic or non-automatic methods through our university units, website, social media channels, mobile applications, and similar means.

  1. Processing of Personal Data and its Purposes

At University, your personal data is only processed in the presence of your explicit consent or the presence of conditions of lawfulness for processing stated under LPPD.

In accordance with the principles under LPPD; your personal data mentioned above are processed to ensure online security and information security, obtain statistical data, comply with legal obligations in legislation, carry out our other operational activities within the University, and archiving purposes.

  1. To Whom and For What Purposes the Personal Data may be Transferred

Your personal data processed by the University in accordance with the LPPD principles and provisions; may only be transferred for the above-mentioned purposes and along with the necessary confidentiality agreements; to partner institution or legally authorized public institutions, within the scope of the conditions and purposes regarding the processing of personal data stipulated in Articles 8 and 9 of the LPPD.

As per Article 8 of the LPPD, the personal data may be transferred based on the express consent of the data subject or another condition stipulated in the above article with the heading ‘Processing of Personal Data and its Purposes’ in the absence of express consent.

  1. Methods and Legal Grounds for the Collection of Personal Data

Your personal data, as mentioned above, are collected and processed when you attend to the Project. Your personal data may be processed and transferred for the purposes described in this Privacy Notice, primarily to fulfill our University’s obligations correctly and in full arising from legislation and agreements and to fulfill the conditions for the processing of personal data as defined in Articles 5 and 6 of the LPPD.

  1. Rights of the Data Subject

Article 11 of the LPPD issues some rights for each real person whose personal data is processed and requires the data controllers to inform the data subjects on such rights under the obligation of inform. These rights are comprised of;

  • the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information; the purposes of the processing and whether the personal data is used in line with such purposes, the recipients to whom the personal data have been or will be disclosed both domestically and in abroad,
  • the right to request from the controller rectification of personal data if the personal data have been processed in an incomplete and wrong manner,
  • the right to request the deletion or destruction of personal data if the grounds permitting the processing of personal data do no longer exist within the scope of Article 7 of the LPPD,
  • the right to request the notification of the third parties whom the personal data are transferred to regarding the rectification if the personal data have been processed in an incomplete or wrong manner or the deletion or destruction of personal data in accordance with Article 7 of the LPPD,
  • the right to object to any adverse result that occurs exclusively from analyzing the processed personal data via automatic systems and right to claim compensation if any damage is incurred due to unlawful processing of personal data.
  1. How Do We Protect?

The protection of your personal data collected and processed by University is provided through preventing unauthorized persons to access the data and by taking all necessary technical and administrative measures in order to make sure our personnel do not suffer from any violation, by ensuring the use of softwares by our University in our operations are up to standards, by taking due care in choosing the third parties which we work with, by training our employees in this regard and by ensuring the compliance with the data protection policy within the University.

  1. Application and Right to Obtain Information

In case you wish to exercise one of the rights explained above granted under Article 11 of the LPPD, you may apply to our University. This application should be made in writing or through other methods determined by the Personal Data Protection Board.

Please hand in your application;

  • By sending e-mail to kisiselverilerim@ku.edu.tr,
  • By sending an e-mail from your e-mail address to the University’s registered e-mail address with secure electronic signature or mobile signature,
  • By University’s address via public notary or certified mail,
  • By University’s address via personal application with handwritten signature.

Your applications delivered to our University through the abovementioned methods in accordance with Article 13 sub-section 2 of the LPPD, shall be answered within 30 (thirty) days upon receipt by our University. Our reply shall be sent either in writing or through electronic means.