Konya Metropolitan Municipality Young Culture Card Project Support Program
2025-10-23 06:07:04
2025-2026 Güz Dönemi Erasmus Sınav Sonuçları
2025-10-21 14:16:09
KONYA FOOD AND AGRICULTURE UNIVERSITY ON THE PROTECTION OF PERSONAL DATA PROCESSING, STORAGE AND DISPOSAL POLICY | |
Document No. | Revision Date/No |
KVK-01 | |
I. INTRODUCTION
1.1. Purpose of the Policy
In accordance with Article 20 of the Constitution titled "Privacy of Private Life" and Law No. 6698 on the Protection of Personal Data ("Law") and the provisions of the regulations and communiqués in force, the processing of personal data obtained by Konya Food and Agriculture University ("University"), the protection of the fundamental rights and freedomsof data owners(employees (academic staff, administrative staff, janitorial staff) employee candidates, students, student candidates, graduate students, intern / part-time working students, PAMER consultants, visitors and other third parties, etc.), especially the privacy of private life.The purpose of this Policy is to protect fundamental rights and freedoms, especially the right to privacy, and to ensure that the data controller who processes personal data carries out data processing activities in accordance with the law, and to determine the principles of the destruction process for the protection, processing, storage, deletion, destruction and anonymization of the personal data obtained.
1.2. Scope of the Policy
The establishment of the procedures and principles of the data processing activity carried out by the University determines the scope of this Policy, based on the fact that all kinds of transactions such as obtaining, recording, storing, storing, preserving, modifying, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of any information relating to an identified or identifiable natural person as personal data by the University as the data controller, fully or partially automatically or non-automatically, provided that it is part of any data recording system, is accepted as data processing activity.
1.3. Implementation of the Policy and Related Legislation
This Policy is based on the current Higher Education Law No. 2547, Higher Education Personnel Law No. 2914, Regulation on Foundation Higher Education Institutions, Regulation on Student Discipline of Higher Education Institutions, Regulation on the Procedures and Principles Regarding the Central Examination and Entrance Examinations to be Applied in Appointments to Academic Staff Positions other than Faculty Members, Regulation on State Archive Services, It has been prepared in accordance with the rules shown in the regulations, communiqués, decisions and guidelines published by the Board, including the Higher Education Council Archive Regulation, thePrime Ministry Circular No. 2005/7 on the Standard File Plan, the relevant legislation and the Law No. 6698 on the Protection of Personal Data, the Regulation No. 30286 on the Data Controllers Registry and the Regulation No. 30224 on the Deletion, Destruction or Anonymization of Personal Data. In the event that there is a change in the Law or other relevant legislation after the publication date of the Policy by the University and the Policy becomes incompatible with the said change, the amended provisions and rules will be applied. All communiqués, decisions and guidelines published by the Board are followed by our University and the rules stipulated by the Policy are kept up-to-date.
1.4. Enforcement of the Policy
The Policy was published on the University's website www.gidatarim.edu.tr and entered into force on the date of its publication.
II. ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
2.1. Ensuring the Security of Personal Data
According to Article 12 of Law No. 6698, the data controller
The University is obliged to take all necessary administrative and technical measures to ensure the appropriate level of security.
For the reasons explained, the University implements security measures to prevent unlawful processing, transfer and disclosure of personal data to third parties, unauthorized access and security deficiencies that arise in other ways. Explanations regarding the administrative and technical measures taken are provided in section VI. ADMINISTRATIVE AND TECHNICAL MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA.
2.2. Protection of Special Categories of Personal Data
Data that are sensitive due to their nature and that may cause victimization or discrimination of data subjects if they fall into the hands of third parties are accepted as sensitive personal data under the Law. Special categories of personal data include data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. Sensitive personal data cannot be processed without the explicit consent of the data subject.
All necessary measures are taken by the University to protect special categories of personal data and it is essential that such data are not obtained and processed as much as possible.
III. ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA
3.1. Processing of Personal Data in Compliance with the Principles Stipulated in the Legislation
Pursuant to Article 4 of the Law, the principles to be applied in the processing of your personal data are as follows
3.2. Terms of Processing Personal Data
Personal data obtained by the University cannot be processed without the explicit consent of the person concerned, except for the exceptions stipulated in the Law. Your personal data may be processed without explicit consent in the following cases:
3.3. Exceptions to the Obligation to Obtain Explicit Consent
a) Explicitly stipulated in the law
One of the conditions for data processing is that it is explicitly stipulated in the law. The provisions in the laws that personal data may be processed may constitute a data processing condition. In such a case, the explicit consent of the person concerned is not required.
b) Actual impossibility
In cases where it is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid, the personal data of the person concerned may be processed without obtaining his/her explicit consent.
c) Directly related to the conclusion or performance of the contract
In the event that data processing is mandatory during the establishment of a contract to which the data subject is a party or during the performance of the contract, the processing of personal data without explicit consent may come to the agenda.
d) Fulfillment of the University's legal obligation
Personal data can be processed without explicit consent in order to fulfill the legal obligations that our University must fulfill as the data controller.
e) It has been made public by the person concerned
Personal data that has been made public by the data subject, in other words, personal data that has been disclosed to the public in any way, can be processed without explicit consent. Even in this case, personal data that has been made public cannot be subject to misuse.
f) Being mandatory for the establishment, exercise and protection of a right
In cases where it is mandatory for the establishment, exercise or protection of a right, it is possible to process the personal data of the person concerned without his/her explicit consent.
g) It is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject
If the processing of personal data is mandatory for the data controller and the data processing activity will not harm the fundamental rights and freedoms of the data subject, personal data may be processed without obtaining explicit consent.
The legitimate interest of the data controller is the interest and benefit to be obtained as a result of the processing to be carried out. The benefit to be obtained by the data controller must be related to a legitimate, sufficiently effective, specific and already existing interest that can compete with the fundamental rights and freedoms of the data subject. It must be a transaction that is related to the current activities carried out by the data controller and that will benefit the data controller in the near future.
3.4. Processing of Special Categories of Personal Data
Processing of special categories of personal data is subject to Article 6 of the Law and is prohibited without the explicit consent of the data subject.
Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special categories of personal data. The data within this scope are limited and cannot be expanded through interpretation.
Due to its nature, sensitive personal data are data that, if learned, may cause discrimination and victimization of the data subject. Therefore, they need to be protected much more strictly than other personal data.
a) Sensitive personal data other than health and sexual life
Special categories of personal data other than personal data relating to health and sexual life may be processed without the explicit consent of the data subject in cases stipulated by law.
b) Sensitive personal data relating to health and sexual life
Sensitive personal data relating to health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
3.5. Enlightening and Informing the Personal Data Owner
During the acquisition of personal data, data subjects are informed by our University as the data controller or by persons authorized by it. The procedures and principles regarding the information provided are specified in the Clarification Texts on the Protection of Personal Data published by the University, and the information includes the following elements in summary:
a) Identity of the data controller and its representative
According to Article 10 of the Law, personal data obtained from data subjects (employees (academic staff, administrative staff, janitorial staff) employee candidates, students, student candidates, graduate students, intern / part-time working students, PAMER clients, visitors and other third parties, etc.) are processed by Konya Food and Agriculture University as data controller and the contact of the relevant unit can be provided from kvk@gidatarim.edu.tr e-mail address, gidatarimuniversitesi@hs01.kep.tr registered electronic mail (KEP) address or www.gidatarim.edu.tr address.
b) Purposes of processing personal data
The processing of personal data is carried out for specific, explicit and legitimate purposes and is based on the principle of informing the data subjects. The purposes for which your obtained data are processed are stated in section V. CATEGORIZATION AND PROCESSING PURPOSES OF PERSONAL DATA PROCESSED BY OUR UNIVERSITY.
c) Persons to whom personal data are transferred and the purposes of transfer
Within the framework of the data controller's obligation to inform the data subject, the persons to whom personal data are transferred and the purposes of transfer should be clearly stated. Personal data cannot be transferred to third parties without the explicit consent of the data subject. The recipient groups to which personal data are transferred by our university and the purposes of transfer are shown in section IV. TRANSFER OF PERSONAL DATA.
d) Method and legal grounds for collecting personal data
In accordance with Articles 5 and 6 of the Law, it must be clearly stated by the data controller on the basis of which personal data is processed. The method and means of data collection are determined by the data controller. The conditions for processing personal data, i.e. the conditions of lawfulness, are listed in a limited number in the Law (Art. 5-6) and these conditions cannot be expanded.
The data controller University evaluates whether the purpose of the personal data processing activity is primarily based on one of the processing conditions other than explicit consent, and if this purpose does not meet at least one of the conditions other than explicit consent specified in the Law, then the explicit consent of the person is obtained for the continuation of the data processing activity.
IV. TRANSFER OF PERSONAL DATA
4.1. Domestic Transfer
Personal data cannot be transferred without the explicit consent of the data subject. However
If one of the specified conditions is met, the data may be transferred without seeking the explicit consent of the person concerned.
Accordingly, it is explicitly stipulated by law (1), it is mandatory for the protection of the life or bodily integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid, or of another person (2), it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract (3), personal data of the data subject may be transferred to third parties without obtaining the explicit consent of the data subject if it is mandatory for the data controller to fulfill its legal obligation (4), if it has been made public by the data subject himself/herself (5), if data processing is mandatory for the establishment, exercise or protection of a right (6), if data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.persons without obtaining their explicit consent.
At the same time, personal data other than health and sexual life among the special categories of personal data of the persons concerned, in cases stipulated by law; Personal data related to health and sexual life can only be transferred to third parties for the protection of public health, preventive medicine, medical diagnosis, treatment, care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality, without seeking the explicit consent of the person concerned.
Your personal data and special categories of personal data may be transferred to third parties for the purposes described in this policy text and primarily in accordance with the Higher Education Law No. 2547, Higher Education Personnel Law No. 2914, Regulation on Foundation Higher Education Institutions, Regulation on Higher Education Institutions Student Discipline Regulation, Regulation on the Procedures and Principles Regarding the Central Examination and Entrance Examinations to be Applied in Appointments to Academic Staff Positions other than Faculty Members, Regulation on Research Assistants Undergoing Graduate Education at Another University on Behalf of a University, Within the framework of the Regulation on the Organization and Functioning of Graduate Education Institutes, Regulation on Academic Organization in Universities, Regulation on Scientific Research Projects of Higher Education Institutions, Regulation on Development Training for Higher Education Institutions' Teaching Staff and Foreign National Staff, Higher Education Council Scientific Research and Publication Ethics Directive, Labor Law No. 4857, Personal Data Protection Law No. 6698; Higher Education Institution, Social Security Institution, General Directorate of Security and other law enforcement agencies, CİMER, SABİM, Presidential Human Resources Office (CBİKO), European Commission, Ministry of Foreign Affairs, Turkish National AgencyC. Ministry of Foreign Affairs, Turkish National Agency, Konya Provincial Directorate of National Education, Konya Provincial Directorate of Migration Management, Ministry of Labor, General Directorate of Population, authorized public institutions and organizations such as courts and enforcement offices, law enforcement agencies, banks, regulatory and supervisory institutions, insurance companies, cooperating universities, suppliers, press organs and other third parties, etc. can be transferred to real and legal persons.
Information on the recipient groups to which your personal data processed by the University is transferred is included in Annex 3 - Third Parties to whom Personal Data is Transferred and the Purposes of Transfer.
4.2. International Transfers
Personal data cannot be transferred abroad without the explicit consent of the data subject. The existence of one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6 of the Law and in the foreign country to which the personal data will be transferred;
provided that it can be transferred abroad without seeking the explicit consent of the person concerned.
V. CATEGORIZATION AND PROCESSING PURPOSES OF PERSONAL DATA PROCESSED BY OUR UNIVERSITY
The data categorization obtained by our University by the data subjects and the purposes pursued in the processing of personal data are shown in the relevant sections of the clarification texts on our website for each category of data subjects.
VI. ADMINISTRATIVE AND TECHNICAL MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA
Administrative and technical measures are taken by the University to ensure that personal data are stored securely and to prevent unlawful processing and access to personal data.
In order to ensure personal data security, it is determined what all personal data processed by the University are and the probability of realization of the risks that may arise regarding the protection of these data; While determining these risks, it is taken into account whether the personal data is sensitive personal data (1), the degree of confidentiality required by its nature (2), the nature and quantity of the damage that may arise for the person concerned in case of security breach (3).
After the identification and prioritization of these risks, control and solution alternatives to mitigate or eliminate these risks are evaluated in line with the principles of cost, feasibility and usefulness, and necessary technical and administrative measures are planned and implemented.
6.1. Administrative Measures
It is of great importance to ensure personal data security that employees make the first intervention even if they have limited knowledge regarding cyber security and attacks that may damage personal data security. For this reason, awareness and information activities are carried out in our internal organization as the data controller.
It is ensured that employees are provided with the necessary training on issues such as not disclosing and sharing personal data unlawfully, conducting awareness activities for employees and creating an environment where security risks can be identified; the roles and responsibilities of everyone working for the data controller regarding personal data security, regardless of their position, are determined in their job descriptions and employees are aware of their roles and responsibilities in this regard. On the other hand, confidentiality agreements are signed as part of the recruitment process of employees, and a disciplinary process is carried out in case employees do not comply with security policies and procedures.
The policies and procedures applied regarding personal data security have been determined and in case of any changes in these, trainings are held to inform and explain the changes to the employees and information about data security and security threats are kept up to date.
In order to fulfill the University's legislative obligations regarding the protection of personal data, to ensure and supervise the implementation of policies and to make suggestions for their functioning; A Personal Data Protection Commission was established by the Rector of the University among the unit members determined by the University Board of Directors.
On the other hand, necessary security measures are taken in physical environments containing personal data and these environments are secured against external risks such as fire, flood, etc.
The table below summarizes the administrative measures taken to ensure data security:
Administrative Measures |
Preparation of Personal Data Processing Inventory |
Preparation and Implementation of Corporate Policies on Access, Information Security, Use, Storage and Destruction |
Drafting and Signing Agreements on Data Transfer and Ensuring Data Security (between Data Controller and Data Controller, Data Controller and Data Processor) |
Provision of Confidentiality Undertakings |
Conducting Periodic and/or Random Internal Audits |
Conducting Risk Analyses |
Adding Lawful Provisions to Labor Contracts |
Preparation of Disciplinary Regulations and KVKK Directives on Unlawful Processing of Personal Data |
Establishment of a PDP Commission to Ensure the Fulfillment of the Obligations under the Law and the Supervision of the Implementation of the Established Policies |
Ensuring Corporate Communication (Crisis Management, Board and Relevant Person Information Processes, Reputation Management, etc.) |
Conducting Training and Awareness Activities for Employees on Information Security and Laws |
Notification to the Data Controllers Registry Information System (VERBIS) and Follow-up |
Determination and Publication of Personal Data Security Policies and Procedures |
Rapid Reporting of Personal Data Security Issues |
Monitoring Personal Data Security |
Taking Security Measures within the Scope of Procurement, Development and Maintenance of Information Technology Systems |
Establishing Disciplinary Regulations with Data Security Provisions for Employees |
Revocation of Authorizations of Employees Who Change Positions or Leave Their Jobs |
Including Data Security Provisions in Contracts Signed |
Identification of Existing Risks and Threats |
Determination and Implementation of Protocols and Procedures for Sensitive Personal Data Security |
6.2. Technical Measures
Firewalls and gateways are used among the measures taken to protect information technology systems containing personal data against unauthorized access and threats by third parties over the internet. With the firewall used, it is ensured that violations of the information network are stopped, and with the gateway, it is ensured that employees' access to websites or online platforms that pose a threat to personal data security is restricted.
In addition, regular checks are carried out to ensure that the software and hardware are functioning properly and that the security measures taken for the systems are adequate.
Access to systems containing personal data is restricted, and in this context, employees in administrative and academic units are given access authorization to the extent necessary for their work and duties, authorities and responsibilities, and access to the relevant systems is provided by using the corporate e-mail address / username and password. While creating these passwords, sequences of numbers or letters associated with personal information and easily guessed are avoided as much as possible. The authorizations of employees who change their duties or leave their jobs in this area are removed immediately.
Access authorization and control matrices are created within the data controller organization, and products such as anti-virus and anti-spam that regularly scan the information system network and detect hazards are used to protect against malicious software.
Necessary security measures are taken regarding entry and exit to and from physical environments containing personal data. In order to ensure data security, necessary measures are taken to ensure that paper documents containing personal data and servers, backup devices, CDs, DVDs, USBs and other similar storage devices are only accessible to authorized personnel and to increase physical security in this regard.
The table below summarizes the administrative measures taken to ensure data security:
Technical Measures |
Authority Matrix |
Authorization Control System |
Keeping Access Logs Regularly |
User Account Management |
Closed System Network |
Network Security |
Encryption |
Penetration Test |
Intrusion Detection and Prevention Systems |
Keeping Log Records Without User Intervention |
Backup and Ensuring the Security of Backed Up Personal Data |
Firewalls |
Current Anti-Virus Systems |
Taking Cyber Security Measures and Continuous Monitoring of their Implementation |
Erasure, Destruction or Anonymization |
Taking Necessary Security Measures for Entry and Exit to Physical Environments Containing Personal Data |
Ensuring the Security of Environments Containing Personal Data |
VII. PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT AT ENTRANCES TO BUILDINGS AND FACILITIES AND INSIDE BUILDINGS AND FACILITIES
7.1. Camera Surveillance Activities Carried Out at Building and Facility Entrances and Inside
Within the scope of the Law on Private Security Services, camera surveillance activities are carried out in the University buildings, campus, garden areas, corridors, library building; on the other hand, camera surveillance activities are carried out in order to ensure security at the entrances of the dining hall, student house, laboratory, Psychological Counseling Center, Career Center, Student Communities Room, parking lot and its surroundings, and to protect the interests of ensuring the security of the University and other persons. Camera surveillance activity is carried out in accordance with the Law and is carried out within the scope of the data processing conditions listed both in the Law and in this Policy.
7.2. Monitoring of Guest Entry and Exit at Building and Facility Entrances and Inside
The identity information of the guests who visit our University in order to control and monitor the entrances and exits to the University buildings, campus and facilities and to ensure security is subject to personal data processing. The personal data processed within the scope of this activity is limited only for the purpose of checking in and out of the guests and the relevant personal data is recorded in the data recording system in electronic or physical environment.
VIII. STORAGE AND DESTRUCTION OF PERSONAL DATA
8.1. Retention Periods of Personal Data
Personal data must be accurate and up-to-date when necessary in accordance with subparagraphs (b) and (d) of Article 4 of the Law, and must be kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed. In this context, your personal data processed in accordance with the principles and rules to be observed in the data processing activity and kept by the University are kept for the period required for the purpose for which they are processed; In case the obligation to delete, destroy or anonymize personal data arises, it is deleted, destroyed or anonymized within the first periodic destruction period following the date of occurrence of this obligation.
The periods regarding the storage and destruction processes of data by our University are included in Annex-4-Personal Data Retention Periods. Except for the periods specified in Annex-4, the time interval in which periodic destruction will be carried out by our University is limited to a maximum of 6 months. The retention periods of personal data are subject to the Regulation on State Archive Services and the Regulation on Archives of Higher Education Institutions, and according to this legislation, as a rule, personal data will be kept for 1-4 years in unit archives and 10-14 years in institutional archives. However, special provisions of the Law and statute of limitations are reserved.
Our University acts in accordance with the general principles shown in Article 4 of the Law and the technical and administrative measures shown in Article 12 in the deletion, destruction or anonymization of your personal data.
All transactions regarding the deletion, destruction or anonymization of personal data are recorded by us and kept for at least 3 years in accordance with the legal obligation.
The members of the Personal Data Protection Commission appointed by the Rector of the University among the members of the unit determined by the University Board of Directors regarding the storage and destruction of data; are the persons responsible for the execution and supervision of the policy on the storage and destruction of personal data.
8.2. Obligation to Delete, Destroy and Anonymize Personal Data
Personal data processed by the University are deleted, destroyed or anonymized ex officio or upon the request of the relevant data owner in the event that the reasons requiring their processing disappear in accordance with Article 7 of the Law and the provisions of the "Regulation on Deletion, Destruction or Anonymization of Personal Data" published in the Official Gazette dated October 28, 2017 and numbered 30224 prepared by the Personal Data Protection Board.
During the deletion, destruction or anonymization of personal data; necessary administrative and technical measures are taken such as informing employees about information security and destruction processes, choosing the most appropriate method according to the nature of the data recording medium in which personal data is kept, conducting regular and periodic maintenance and follow-up studies regarding data security, using the most up-to-date technologically and technically necessary destruction systems, issuing automatic deletion commands, removing the authority to access deleted data and reuse and restore deleted data.
a) Deletion of personal data
Deletion of personal data is the process of making personal data inaccessible and non-reusable in any way for the relevant users.
All necessary technical and administrative measures are taken to ensure that deleted personal data is inaccessible and non-reusable for the relevant users.
b) Destruction of personal data
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way. The data controller is obliged to take all necessary technical and administrative measures regarding the destruction of personal data.
c) Anonymization of personal data
Anonymization of personal data is the process of making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data.
Although all necessary technical and administrative measures are taken by our University to anonymize your personal data, it is anonymized by applying methods in accordance with our personal data retention and destruction policy.
8.3. Techniques for Deletion, Destruction and Anonymization of Personal Data
The techniques for deleting, destroying or anonymizing personal data processed by our university are shown below, and which of the techniques will be applied may vary depending on the nature of the personal data processed.
For this purpose, first of all, it is necessary to determine the personal data subject to deletion, destruction or anonymization (1), to identify the relevant users for each personal data using an access authorization and control matrix or a similar system (2), to determine the authorities and methods of the relevant users such as access, retrieval, reuse (3), to close and eliminate the access, retrieval, reuse authorities and methods of the relevant users within the scope of personal data (4).
The path followed in the deletion of personal data is as follows:
The path followed in the destruction of personal data is as follows:
8.4.Personal Data Recording Media
Personal data recording medium refers to any medium in which personal data is processed by fully or partially automated or non-automated means, provided that it is part of any data recording system.
Personal data relating to data subjects are securely stored by our University in the following data recording media in accordance with the relevant legislation, especially the provisions of KVKK No. 6098, and within the framework of international data security principles:
a) Technical recording media:
b) Non-technical data recording media:
8.5. Reasons Requiring Destruction of Personal Data
Personal data of the data subjects by the University, including but not limited to;
for such purposes and reasons.
IX. RIGHTS OF THE PERSONAL DATA OWNER AND EXERCISE OF THESE RIGHTS
9.1. Rights of the Personal Data Owner
In accordance with Law No. 6698, in the capacity of data owner:
you have rights.
9.2. Exercising the Rights of the Personal Data Owner
Requests regarding the implementation of the Law by the relevant person data owner should be sent to the contact e-mail address kvk@gidatarim.edu.tr, registered electronic mail (KEP) address gidatarimuniversitesi@hs01.kep.tr or Melikşah Mah. Beyşehir Cad. No:9 42080 Meram / Konya address in written form to our University. For application requests, the "Relevant Person Application Form" published by the University on its website must be used.
9.3. University's Response to Applications
The application is finalized by the University as soon as possible depending on the nature of the request. This period cannot exceed 30 days. However, if the transaction requires any cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.
Annex 1: Definitions
Explicit consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
Recipient group: The category of natural or legal person to whom personal data is transferred by the data controller,
Direct identifiers: Identifiers that, by themselves, directly reveal, disclose and make distinguishable the person with whom they are associated,
Indirect identifiers: Identifiers that, in combination with other identifiers, reveal, disclose and make distinguishable the person with whom they are associated,
Relevant person: The natural person whose personal data is processed,
Relevant user: Natural or legal persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data,
Destruction: Deletion, destruction or anonymization of personal data,
Law: Law on the Protection of Personal Data dated 24/3/2016 and numbered 6698,
Blackout Operations such as crossing out, painting and icing of the whole personal data in a way that cannot be associated with an identified or identifiable natural person,
Recording medium: Any medium containing personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system,
Personal data: Any information relating to an identified or identifiable natural person,
Processing of personal data: All kinds of operations performed on personal data such as obtaining, recording, storing, retaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that they are part of any data recording system,
Board: Personal Data Protection Board,
Institution Personal Data Protection Authority,
Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller,
Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system
refers to.
ANNEX - 2: Personal Data Subjects (Data Subjects)
Data Subject Categories | Description |
Employee | It refers to people working in academic and administrative units within the University and within the framework of the service supply contract concluded within the scope of the tender. |
Employee Candidate | They are the people who apply to the University physically or electronically to take part in the positions announced in the academic or administrative units of the University. |
Student | It refers to the people who receive education services from our University by pre-registering or final registration at our University. |
Student Candidate | It refers to those who apply to our University to receive education services at our University but have not yet pre-registered or who apply to our University to receive education through student exchange programs. |
Intern / Part-Time Student | It refers to students working part-time at our university who use the profession they have received education in order to increase their professional knowledge. |
Psychological Counseling Center Clients | It refers to real persons inside and outside the institution who apply to the Psychological Counseling Center within our university and receive psychological counseling support and services. |
Supplier | It refers to the real persons and legal entity employees from whom goods / products / services are procured within the scope of the tenders organized by our university and with whom business and transactions are carried out. |
Visitor | It refers to third parties who visit the University campus or website. |
Other Related Third Parties | Real persons other than the relevant persons described and real persons whose personal data processing activities are carried out by our University. |
ANNEX - 3: Third Parties to whom Personal Data are Transferred and Purposes of Transfer
Transferred Person/Unit | Purpose of Transfer |
Higher Education Institution | Transfer of information as required by the legislation within the scope of the execution of training services. |
Social Security Institution | Transferring information in accordance with the legislation in order to carry out the procedures within the scope of carrying out the insurance procedures of employees, interns and part-time students. |
European Commission, Republic of Turkey Ministry of Foreign Affairs, Turkish National Agency, Konya Provincial Directorate of National Education, Konya Provincial Directorate of Migration Management, Ministry of Labor | Sharing/transferring information and documents related to students and academic staff within the scope of conducting international exchange programs. |
Other Authorized Public Institutions and Organizations, Courts and Law Enforcement Forces | Sharing/transferring the information and documents requested by the relevant public institutions and organizations, courts and law enforcement agencies from our University, limited to the purpose. |
Presidential Human Resources Office (CBİKO) | Sharing/transferring information and documents limited to the activities within the scope of conducting CBIKO internship activities and compulsory Career Planning courses. |
Consulates | Sharing/transferring information and documents related to students and academic staff within the scope of international exchange programs and activities and visa application procedures. |
Banks | Information transferred to students, employees and third parties to whom services are provided within the scope of making necessary payments under the name of scholarship, salary, payment, travel allowance, support, incentive, fee, service fee, etc. |
Other Universities | Transferring the necessary information within the scope of cooperation with other local and international universities within the scope of exchange programs, assignments, internship programs, projects, scientific activities, etc. in which students and employees of our university participate. |
Plagiarism Prevention and Detection Programs Databases | Sharing/transferring personal data on a limited basis for the purpose of performing registration procedures for the program in order to enable library users to benefit from plagiarism prevention and detection programs through the University. |
Suppliers | Transfer of personal data limited to the purpose of carrying out the activity of procurement of services from suppliers from whom goods/products/services are procured within the scope of tenders organized by our University and with whom business and transactions are carried out. |
Collaborators and Solution Partners | Transferring personal data to companies, non-governmental organizations and other institutions and organizations with which services are provided to carry out the activities of the University or with which cooperation is made for purposes such as providing internship or job opportunities to students. |
Legal Units | Limited transfer of personal data for the purpose of obtaining legal support within the scope of establishing, using and protecting the legal rights of the University. |
ANNEX - 4: Personal Data Retention Periods
Personal Data Source | Duration | Periodic Disposal |
Purchasing Operations | 15 Years | 6 months |
Data on Suppliers | 10 Years After Termination of Legal Relationship | 6 months |
Board Decisions Taken within the University | 15 Years | 6 months |
Biometric Data | Unless Explicit Consent is Withdrawn, Until the Legal Relationship Ends | 6 months |
Personal Data Processed in Contractual Relationships Subject to Private Law | 10 Years After Contract Expiration | 6 months |
Personal Data Related to Tax Records | 5 Years | 6 months |
Personal Data of Visitors | 2 Years | 6 months |
Personal Data Processed for Security Purposes Pursuant to CCTV Cameras(Camera Recordings) | 90 Days | 6 months |
Event Registration | 2 years | 6 months |
Traffic Information Processed during the Use of the Internet Network, Internet Access and Remote Connection(e.g. IP address, start and end time of the service provided, type of service utilized, etc.) | 2 Years | 6 months |
Cookies and Log Records | 6 Months - Maximum 2 Years | 6 months |
Traffic Information on Online Visitors | 2 Years | 6 months |
Personal Data Protection Board Transactions | 10 Years | 6 months |
Student Personnel Affairs | Indefinite | 6 months |
Diploma Book | 101 Years | 6 months |
Student Contributions / Tuition Fees | 10 Years | 6 months |
Student Exams | 2 Years | 6 months |
Student Exam Results, Grades and Achievement Tables | 10 Years | 6 months |
Intern Student Transactions | 10 Years | 6 months |
Student Leave of Absence (Scientific and Educational, Cultural, Sportive, Health Problems) | 10 Years | 6 months |
Health and Report Affairs | 10 Years | 6 months |
Transfer, Registration Freeze and De-registration | 10 Years | 6 months |
Thesis Affairs | Stored at the Institution indefinitely | 6 months |
Graduation Affairs | Stored at the Institution indefinitely | 6 months |
Scholarships and Loans | 10 Years | 6 months |
Dormitory (Student Houses) Application and Registration Affairs and Files | 10 Years | 6 months |
Part-Time Work Jobs | 10 Years | 6 months |
Student Health Report Procedures | 10 Years | 6 months |
Student Council and Representation | 10 Years | 6 months |
Student Communities, Unions, etc. | 10 Years | 6 months |
Student Exchange Programs | Indefinite | 6 months |
Academic and Administrative Staff Files | 101 Years | 6 months |
Janitor Personnel Files | 10 years from the Termination of the Legal Relationship | 6 months |
Instructor Placement Procedures | 15 Years | 6 months |
Academic Staff Exchange Programs | 15 Years | 6 months |
Graduate Study Abroad Scholarships | 15 Years | 6 months |
Academic Staff Transactions | 15 Years | 6 months |
Academic Staff Assignments | 15 Years | 6 months |
Recruitment of Foreign Academic Staff | 15 Years | 6 months |
Continuing Education Application and Research Center | 5 Years | 6 months |
Erişilebilirlik
Seslendirme (BETA)
Metinleri sesli okumaYüksek Karşıtlık
Koyu tema aktif etSolgunluk
Renkleri gri tonlarına çevirBüyük Metin
Yazı boyutunu büyütOkuma Maskesi
Odaklanmayı artırOkuma Klavuzu
Yatay okuma çizgisi