INFORMATION NOTICE ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

As Tokat Gaziosmanpaşa University (“the University”), we attach the utmost importance to ensuring the security and protection of your personal data. In accordance with the Personal Data Protection Law No. 6698 (“KVKK”), this information notice has been prepared to inform you, our valued stakeholders, about how we collect personal data, whether such data may be shared, how long it will be stored, and what rights data subjects have under the applicable legislation.

  1. Collection, Processing, Purposes, and Means of Processing Personal Data

Personal data belonging to all stakeholders may be collected directly or indirectly through University departments, websites, social media, mobile applications, and similar written, verbal, or electronic means. During processing, the principles of lawfulness, transparency, public and individual interest are observed. Personal data may be processed as long as the data subject maintains a relationship with the University, in accordance with Articles 5 and 6 of the KVKK, and within the scope of the conditions and purposes for processing personal data.

Your personal data may be processed for purposes such as:

  • Fulfilling obligations arising from the Higher Education Law and the regulations of the Council of Higher Education (YÖK); carrying out educational, research, publication, and consultancy activities;
  • Protecting the life and property safety of students, staff, and visitors; fulfilling legal obligations and responding to requests from judicial or administrative authorities;
  • Conducting academic and administrative operations, including production of ID cards and other internal procedures;
  • Managing employment, occupational safety, and social security obligations under labor and social security laws;
  • Executing contracts and obligations with third parties, subcontractors, or suppliers in legal and commercial relationships;
  • Maintaining communication with stakeholders and promoting University activities;
  • Managing academic programs, events, and education processes for students, and collecting necessary personal data such as name, surname, date of birth, address, mobile number, and email (with consent where required).
  1. Transfer of Personal Data and Recipients

Transfers of personal data within the University are not considered third-party transfers. Data exchange among departments or employees is within the University’s structure.

However, in line with the purposes mentioned above, personal data may be shared with:

  • Legally authorized public bodies and institutions such as the Council of Higher Education (YÖK), the Ministry of Finance, the Ministry of Trade, the Information and Communication Technologies Authority (BTK), the Social Security Institution (SGK), and other ministries;
  • Judicial authorities and other legally authorized entities;
  • Contracted institutions, business partners, payment processors, or service providers, when permitted by law.
  1. Method and Legal Basis of Personal Data Collection

Depending on the nature of your relationship with the University, personal data may be collected in written, verbal, or electronic form for the purposes described above, to ensure that our University fulfills its contractual and legal obligations properly. The collected data may be processed and transferred under Articles 5 and 6 of the KVKK.

  1. Retention Period of Personal Data

If a specific retention period for personal data is defined by law or regulation, the University will store the data for at least that duration. Additional time (6 months to 1 year) may be added to accommodate possible administrative or judicial processes. After this period, data are deleted.

If no specific duration is provided by legislation, data will be stored as long as the relationship or contractual term requires. Afterward, data will be deleted, destroyed, or anonymized within six months. Upon your valid request for deletion, data will be erased within 30 days.

  1. Rights of Data Subjects under Article 11 of the KVKK

You have the right to:

  • Learn whether your personal data is processed,
  • Request information if your personal data has been processed,
  • Learn the purpose of processing and whether it is used appropriately,
  • Learn the third parties to whom your data has been transferred domestically or abroad,
  • Request correction if your personal data is incomplete or incorrect,
  • Request deletion or destruction of your personal data under the KVKK,
  • Request notification of such corrections or deletions to third parties,
  • Object to the emergence of a result against you through automated data processing,
  • Request compensation for damages in case of unlawful processing.
  1. How to Exercise Your Rights

Pursuant to Article 13 of the KVKK, you may submit your request in writing or electronically via registered email (KEP), secure electronic signature, mobile signature, or by using the email address previously registered with the University.

Your request must include:

  • Name and surname
  • Signature (if written)
  • Turkish ID number (or passport number for foreigners)
  • Residential or workplace address
  • Email address (if available)
  • Telephone and fax number
  • Subject of the request

Requests must clearly and understandably specify which right you wish to exercise and include relevant supporting documents. If submitted on behalf of another person, a notarized power of attorney must be attached.

All valid requests will be evaluated and answered within 30 days from the date the University receives them.