Who are we?

Privacy Policy

 

Privacy and Personal Data Protection Policy

Türkiye Gençlik ve Eğitime Hizmet Vakfı (“TÜRGEV” or “the Foundation”), in line with the principles set forth in the Law on the Protection of Personal Data No. 6698 (“the Law”), fulfills its obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, the obligation to inform the data subject, and ensuring data security.

This Privacy and Personal Data Protection Policy has been prepared in compliance with the Law and is made available to natural persons whose personal data are processed (“data subjects”).

1. Scope and Purpose of the Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy specifies in detail the following with respect to TÜRGEV:

  • Methods and legal grounds for collecting personal data

  • Categories of persons whose personal data are processed (Data Subject Categorization)

  • Categories of personal data processed (Data Categories) and sample data types

  • Purposes for which the relevant personal data are used

  • Technical and administrative measures taken to ensure the security of personal data

  • Recipients and purposes of personal data transfers

  • Retention periods of personal data

  • The rights of data subjects over their personal data and how they may exercise these rights

a. Methods and Legal Grounds for Collecting Personal Data

TÜRGEV collects personal data through printed forms, electronic forms, websites, social media accounts, email, post, CCTV, cookies, fax, notifications from administrative and judicial authorities, and other communication channels, in audio, electronic, or written form, in accordance with the conditions for processing personal data set forth in the Law and for the legal reasons specified in this Privacy and Personal Data Protection Policy.

b. Data Subject Categorization

TÜRGEV classifies data subjects whose personal data it processes into the following groups. These groups may be expanded in light of the processes and legal reasons specified in this policy:

  • Scholarship Holder

  • Scholarship Candidate

  • Dormitory Student

  • Dormitory Student Candidate

  • Employee

  • Employee Candidate

  • Donor

  • Visitor

  • Online Visitor

  • Educator/Business Partner/Supplier

c. Data Categories and Sample Data Types

1. Scholarship Holder and Candidate

  • Other: Student certificate, school records, CCTV, other information specified in the Student Application and Registration Guide

2. Dormitory Student and Candidate

  • Identity Information: Name-Surname, Gender, National ID Number, National ID details (serial number, family registry number, etc.), Date of Birth, Place of Birth, Marital Status, Passport Information (for foreign nationals), Signature

  • Contact Information: Address (home/work), Email, Phone / Mobile Phone

  • Visual and Audio Information: Photograph

  • Special Category Personal Data: Criminal Record, Health Report

  • Family and Close Relations Information: Name-Surname, Residence, Degree of Kinship, Profession, School, Date of Birth, Mobile Phone, Social Security documents, Financial Information

  • Other: Student certificate, school records, CCTV, other information specified in the Student Application and Registration Guide

3. Donor

  • Identity Information: Name-Surname, Gender, National ID Number, Signature

  • Contact Information: Address

  • Financial Information: Donation amount, receipt details, credit card information

4. Visitor

  • Identity Information: Name-Surname, National ID Number, Passport Number (for foreign nationals)

  • Contact Information: Email, Phone / Mobile Phone

  • Legal Transaction and Compliance Information: IP address and Log Records

  • Other: Vehicle Plate, CCTV

5. Online Visitor

  • Transaction Security Information: Password, Membership Number, Mobile Phone

  • Legal Transaction and Compliance Information: IP Address and Log Records

6. Business Partner / Supplier

  • Identity Information: Name-Surname, Gender, National ID Number, ID details (serial number, etc.), Date of Birth, Place of Birth, Marital Status, Professional IDs

  • Contact Information: Address, Email, Phone / Mobile Phone

  • Financial Information: Bank Account Information, Financial Transaction Information, IBAN, Payment Information, Copies of Letters of Guarantee

  • CV and Professional Information: Education, Military Service Status, Sector Information, Affiliated Organization, Employment Start/End Date, Title, Insurance Information

  • Legal Transaction and Compliance Information: Signature Circulars, Activity Information, Power of Attorney

  • Special Category Personal Data: Criminal Record, Signature, Health Information

  • Other: Vehicle Plate, CCTV, Photograph

d. Purposes of Using Personal Data

Personal data are used by TÜRGEV for the following purposes:

  • Conducting necessary work by relevant departments to carry out activities of the Foundation and managing related business processes

  • Planning and/or executing the activities of efficiency, productivity, and/or relevance analysis of Foundation activities

  • Planning and/or executing business continuity activities

  • Planning, auditing, and executing information security processes

  • Monitoring finance and accounting activities of the Foundation

  • Planning and executing Foundation operational processes

  • Planning and executing internal and external training activities of the Foundation

  • Managing relations with business partners and/or suppliers

  • Monitoring requests and/or complaints

  • Monitoring legal affairs of the Foundation and fulfilling legal obligations

  • Planning and executing operational activities necessary to ensure Foundation activities are carried out in compliance with Foundation procedures and/or relevant legislation

  • Providing information to authorized institutions as required by legislation

  • Planning and executing audit activities of the Foundation

  • Ensuring the security of Foundation premises and/or facilities

  • Ensuring the security of Foundation operations

  • Ensuring the protection of Foundation premises and assets

  • Ensuring the security of Foundation equipment and/or resources

  • Creating visitor records

e. Technical and Administrative Measures for Ensuring Personal Data Security

TÜRGEV undertakes to take all necessary technical and administrative measures to ensure the confidentiality, integrity, and security of your personal data. Within this scope, the Foundation takes measures to prevent misuse, unlawful processing, unauthorized access, disclosure, alteration, or destruction of personal data.

(Here the detailed measures: Anti-Virus, Firewall, Access Authorization, Password Management, Security Incident Management, Penetration Tests, Information Security Meetings, Training Portal, SSL Protection, Pseudonymization, Locked Storage for Physical Records, Cookie Deletion after Membership Termination, Immediate Reporting of Data Breaches are fully listed as in the source text.)

f. Recipients and Purposes of Personal Data Transfers

TÜRGEV transfers personal data to third parties only for the purposes specified in this Policy and in accordance with Articles 8 and 9 of the Law. Transfers are carried out through secure environments and channels provided by the third parties. Where possible, pseudonymized data are used instead of directly identifiable personal data.

Contracts with third parties include provisions ensuring compliance with the Law to legally protect personal data.

h. Retention Periods of Personal Data

TÜRGEV retains personal data in compliance with the Law for the periods prescribed by relevant legislation or required by the purpose of processing. These periods are specified in the Personal Data Retention and Destruction Policy [insert link]. For example:

  • Data relating to Business Partners / Suppliers: 10 years after termination of the legal relationship (in line with Turkish Commercial Code, Code of Obligations, and Tax Procedure Law)

  • Visitor Camera Records: 3 months (for security purposes)

  • Online Visitor Data: 2 years (in line with Law No. 5651)

  • Accounting and Financial Records: 10 years (in line with the Code of Obligations and relevant legislation)

j. Rights of Data Subjects and Exercising These Rights

Under Article 11 of the Law, data subjects have the following rights:

  1. To learn whether personal data is being processed,

  2. To request information regarding processed data,

  3. To learn the purpose of processing and whether it is used accordingly,

  4. To know the third parties to whom personal data is transferred, domestically or abroad,

  5. To request correction of incomplete or incorrect personal data,

  6. To request deletion or destruction of personal data under the conditions provided in Article 7,

  7. To request notification of corrections or deletions to third parties to whom data has been transferred,

  8. To object to processing that leads to an unfavorable result through automated systems,

  9. To demand compensation for damages incurred due to unlawful processing.

Requests may be made using the “KVKK Application Form” available on TÜRGEV’s Website, or via the official email address [email protected] and the official phone line +90 212 532 1996.

2. Conditions for Deletion, Destruction, and Anonymization of Personal Data

TÜRGEV processes personal data collected through various channels for the periods stipulated by law or required for the purpose of processing. When these periods expire, data are deleted, destroyed, or anonymized in line with the Regulation on the Deletion, Destruction, or Anonymization of Personal Data and the Guidelines on Deletion, Destruction, or Anonymization.

3. Amendments to the Privacy and Personal Data Protection Policy

TÜRGEV may amend this Policy at any time. Amendments take effect immediately upon publication of the revised Policy. Necessary notifications will be provided to ensure that you are informed of such changes.

HOW CAN WE HELP YOU?