Dear Student,

As OSTİM Technical University, in our capacity as the data controller, we would like to inform you, within the scope of the obligation to inform set forth in the Personal Data Protection Law No. 6698, about the purposes for which your personal data may be processed, to whom and for what purposes the processed personal data may be transferred, the method and legal basis for collecting personal data, and your other rights arising from the Law.

In education and training processes, due to various legislation and the requirements of business life, it is necessary to collect, process and use personal data through various methods and means. In this context, pursuant to Law No. 2547, secondary regulations, the Main Regulation of OSTİM Technical University, the University’s other education and training regulations and other relevant legislation, all kinds of your personal data, including entrance-exit controls, security audio and visual records, and education-training procedures, are processed and protected with due diligence, primarily for the protection of privacy and the fundamental rights and freedoms of individuals, and may be transferred to third parties within the framework of the relevant legislation when necessary.

Data Controller:

The data controller refers to the real or legal person who determines the purposes and means of processing personal data and who is responsible for the establishment and management of the data recording system.

OSTİM Technical University is a public institution established with public legal personality pursuant to Article 3 of Law No. 2547, the provisions concerning foundation higher education institutions, Article 5 of the Regulation on Foundation Higher Education Institutions, and Additional Article 174 of Law No. 2809.

Name of Data Controller: OSTİM Technical University

Address No: 3374822538

Kep Address: ostimteknik@hs01.kep.tr

Senior Executive Responsible for Coordination: Acting Secretary General Turan ŞİŞMAN

Contact Person: Acting Deputy Secretary General Özgür TEKASLAN

Categories of Personal Data Processed:

The personal data shared will be processed in accordance with the Personal Data Protection Law No. 6698, for specific, explicit and legitimate purposes, for as long as our obligations continue within the scope of the relevant legislation, under the personal data processing conditions and purposes specified in Articles 5 and 6 of the PDPL No. 6698, and may be transferred and protected under Articles 8 and 9 of the same Law.

In this context, during the pre-registration, registration and admission stages to the University, throughout your studentship and at the stage when your studentship ends, personal data consisting of “Name-Surname, Identity Information and Identity Number, Passport No., Contact Information, Education Information, Image Information, Location Information, Log Records, IP Address Information, Family and Relative Information, Bank Account Information, Health Information, Criminal Record Information, Blood Group Information and other information arising from legislation” are processed within the scope of the following purposes and legal grounds:

• To maintain education and training activities, measurement and evaluation and achievement tracking, to conduct student affairs processes and policies, to create student files and to keep student records required under the relevant legislation;
• To ensure transparency in examination and evaluation processes; to evaluate the performance of students’ data contained in forms filled in and systems used within the scope of education and training activities; to identify and remedy areas of deficiency in order to improve student performance; and to enhance students’ academic and professional development and the University’s operational efficiency;
• To fulfill students’ accommodation, health, internship, workplace/on-the-job training, financial and social rights; within this scope, to make mandatory notifications to the Social Security Institution and other official institutions under Social Insurance and General Health Insurance Law No. 5510; to carry out health examinations required under Occupational Health and Safety Law No. 6331, mandatory trainings to be provided, minutes and relevant evidence documents prepared in the event of non-compliance with rules, medical tests and other procedures required by legal legislation;
• To promote the University and share events with the public;
• To enable students to benefit from services provided by the University and/or units affiliated with the University;
• To ensure the life and property safety of real and/or legal persons and occupational health and safety; to fulfill obligations arising from international standards such as the Occupational Health and Safety Law, ISO 9001 and ISO 27001, based on the legal ground of fulfilling statutory obligations, or to obtain camera recordings within the University based on the legal ground of legitimate interest for ensuring the security of the University;
• To submit data to relevant public institutions and organizations during inspections to be carried out by authorized public institutions and organizations;
• To manage disciplinary processes; to monitor whether students act in accordance with the relevant legislation and the rules, instructions and legal obligations established within the University, and to record conduct contrary to such rules;
• To support graduates in career planning, monitor graduate success and create an alumni network;
• To conduct sports activities, enable membership in University student communities, and enable participation in activities, events and organizations carried out under clubs;
• To fulfill requests for information and documents made by judicial bodies or authorized administrative authorities;
• To improve the products and services offered in the University and/or all units affiliated with the University; to increase satisfaction; to make necessary changes within this scope; to produce statistical and scientific information; and to improve University activities and outsourced services by obtaining personal data through surveys or various systems;
• To conduct market research, promotion and necessary notifications regarding services; to contact individuals directly through communication channels shared with the University in order to evaluate complaints and suggestions;
• To continue all kinds of activities concerning academic trainings, scientific research, project applications, and applications, assignments, transfers and similar rights under the Law on Intellectual and Artistic Works and the Industrial Property Law;
• To develop and implement the University’s strategies and to carry out accreditation and evaluation studies;
• Based on the legal ground of legitimate interest, to organize trainings, seminars and similar organizations and participation therein; to organize, through the University, travel, accommodation, transportation, expenditure and similar transactions to be carried out by students within the scope of education and training activities; and for the organization of such transactions, to transfer and store personal data consisting of “Name, Surname, Turkish ID No./Passport No., Contact Information, Mil Card Information” to supplier companies;
• To conduct educational and research-oriented collaborations, education programs, personnel exchanges and joint events and activities with similar institutions operating abroad and/or domestically, and with the countries and country representations of students of foreign origin;
• To take all necessary technical and administrative measures for systems and applications within the scope of data security, and to fulfill legal obligations by keeping log records in every medium where University systems or University devices are used under Law No. 5651;
• Within the scope of the legal grounds specified in subparagraphs “a”, “c”, “ç”, “d”, “e” and “f” of paragraph 2 of Article 5 of Law No. 6698 and paragraph 3 of Article 6, including the University’s legitimate interests, explicit provision by law, necessity of processing personal data of the parties to a contract, fulfillment of the University’s legal obligations, public disclosure, necessity of data processing for the establishment, exercise or protection of a right, and other cases stipulated by law; and, with respect to personal data concerning health and sexual life, for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and financing.

Method and Legal Basis for Collecting Personal Data

Your personal data are collected and processed in physical or virtual environments, directly or indirectly, in accordance with the general principles for processing personal data under the PDPL, primarily through application forms, orally, in writing or electronically, during your use of University systems and devices, when you connect to the University network, by filling in participation lists for meetings, seminars, conferences and trainings you attend, through the recording of your images within the University, during the preparation of surveys, forms, documents or records, within the scope of infirmary services, or in cases where you disclose such data by contacting the University through other methods, for the purposes of receiving your application, creating your registration, carrying out other arrangements concerning education and training, and fulfilling the obligations imposed on the parties by legislation.

Depending on the nature of the service provided and the communication channel, the following automatic or non-automatic methods are generally used:

o Automatic Methods:

o Electronic registration, application, contact or feedback forms completed through OSTİM Technical University’s corporate website and other online platforms, if any (such as the learning management system).

o ​Data collected through cookies and similar tracking technologies used during website visits.

o Log records automatically generated by OSTİM Technical University’s information systems.

o Visual/audio recordings made through education or meeting platforms.

o Non-Automatic Methods:

o Information and documents transmitted through communication channels such as e-mail, telephone and fax.

o Education and examination papers, and related petitions and declarations.

o Completion of printed forms (registration form, attendance list, survey, etc.) during face-to-face meetings, trainings, seminars or other events.

o Documents sent by post or cargo (application documents, contracts, etc.).

o Personal data transferred to the administrative or academic units of OSTİM Technical University (such as the Department of Student Affairs, International Relations Office, Department of Human Resources, etc.).

Duration of Processing Your Personal Data

For your personal data, if a period is prescribed in the legislation, primarily in Higher Education Law No. 2547, that period will be observed; if no such period is prescribed, the data will be retained for as long as required for the purpose for which they are processed. If there is no valid reason for further retention of a data item, that data will be deleted, destroyed or anonymized. In addition, in the event of any dispute that may arise between the University and the relevant person, the University may retain personal data limited to the purpose of carrying out necessary defenses within the scope of the dispute and for the limitation periods determined pursuant to the legislation.

Parties to Whom Personal Data Are Transferred and Purposes of Transfer

Your personal data processed by OSTİM Technical University may be transferred, within the scope of the PDPL No. 6698 and relevant legal legislation, in accordance with Articles 4, 5 and 6 of the PDPL, for the purposes of carrying out the processing purposes specified above, providing services, fulfilling legal obligations and ensuring the continuity of business processes, to the recipient groups listed below under the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, provided that the necessary administrative and technical security measures are taken:

o Academic Staff, Relevant Academic and Administrative Personnel, Trainers and Speakers: Data necessary for the content and organization of education (e.g., course/training participant name list, contact information, exam grades, payment information, etc.) for the purpose of conducting trainings, seminars, conferences or events.

o Relevant Administrative and Academic Units of OSTİM Technical University: To units such as the University’s Department of Student Affairs, International Relations Office, Department of Financial Affairs, Department of Information Technologies and Department of Human Resources, to the extent required for internal reporting, coordination, accounting, auditing, legal follow-up and administrative operations.

o Partner Institutions and Organizations: If joint education, workplace/on-the-job training programs, internship, job placement and similar projects or events are organized for students or graduates, the data necessary for the execution of the program may be transferred to the relevant partner institution or organization (universities, professional chambers, companies, etc.).

o Suppliers and Service Providers (Data Processors): Data may be transferred to third-party companies from which the University receives external services in order to carry out its activities, to the extent required by the service. These may include information technology services (server hosting, cloud services, e-mail infrastructure, learning management system software providers, etc.), banks, payment service providers (receiving online payments, etc.), cargo and courier companies (delivery of certificates, documents or materials, etc.), security companies, event organization companies, printing services, financial consultancy or audit services.

o Authorized Public Institutions and Organizations: Pursuant to the provisions of the legislation in force or upon duly made requests of authorized public institutions (such as the Council of Higher Education (YÖK), Social Security Institution (SGK), Ministry of Finance, Ministry of Labor and Social Security, courts, public prosecutor’s offices, police units, etc.), for the purpose of fulfilling legal obligations.

o OSTİM Ecosystem Organizations: Data transfer may take place to organizations within the OSTİM ecosystem in which the University is located, such as the OSTİM Foundation, OSTİM Organized Industrial Zone Directorate and OSTİM Technopark, within the framework of the regulations, collaborations or reporting obligations to which the University is subject.

o Transfer Abroad: If the servers of certain information systems used by the University (e.g., e-mail servers, cloud-based software, online education platforms) are located abroad or if the University works with service providers based abroad, your data may be transferred abroad under the conditions specified in Article 9 of the PDPL.

Rights of the Personal Data Subject:

Under Article 11 of the Personal Data Protection Law No. 6698, you have the right to:​

● Learn whether personal data have been processed and, if so, request information regarding such processing;

● Learn the purpose of processing personal data and whether they are used in accordance with that purpose;

● Know the third parties to whom personal data have been transferred domestically or abroad;

● Request correction if personal data have been processed incompletely or inaccurately;

●Request deletion, destruction or anonymization of personal data within the framework of the conditions stipulated in Article 7 of the Law;

● Request that correction, deletion or destruction of personal data be notified to third parties to whom the personal data have been transferred;

● Object to the occurrence of a result against you by means of analyzing the processed data exclusively through automated systems;

● Request compensation for damages if you suffer damage due to the unlawful processing of personal data.

If, as the personal data subject, you wish to exercise the above-mentioned rights, you may submit your requests regarding the rights you wish to exercise, together with the necessary information identifying your identity, in accordance with the application procedures stipulated in the Communiqué on the Procedures and Principles for Application to the Data Controller, by delivering a written and signed petition in person to Ostim Technical University, 100. Yıl Blv. 55/F OSTİM 06375 Yenimahalle/Ankara, by sending it to ostimteknik@hs01.kep.tr or by sending it through a notary public or by registered mail with return receipt.

Requests submitted to the University will be answered in writing or electronically as soon as possible and, in any case, within thirty days, depending on the nature of the request. If the transaction requires an additional cost, the University reserves the right to request the fee set out in the tariff determined by the Personal Data Protection Board.