Personal Data Protection and Privacy Policy

Our Commitment to Personal Data Protection and Privacy
At Işık University, we prioritize the security and confidentiality of your personal data and take the highest level of security measures to protect this information.
In accordance with Law No. 6698 on the Protection of Personal Data, we aim to inform you about the processing of your personal data, ensuring the protection of privacy, fundamental rights, and freedoms.
As the data controller, Işık University processes all types of personal data, both general and special categories, in compliance with Law No. 6698, within the scope of educational and administrative activities. The collected data is stored, updated, classified, shared with specific third parties, and processed as per the regulations detailed below.

Principles of Personal Data Processing
At Işık University, we process personal data in accordance with the following principles:
•    (a) Lawfulness and fairness
•    (b) Accuracy and keeping data up to date
•    (c) Processing for specific, explicit, and legitimate purposes
•    (d) Processing in a relevant, limited, and proportionate manner
•    (e) Retaining data for only as long as required by regulations or processing purposes

What Data Do We Collect and Why?
Personal data refers to any information that directly or indirectly identifies you. The types of personal data we collect depend on your interaction with Işık University and may include one or more of the following categories:
Categories of Collected Personal Data:
•    Identity Information (Full name, parent names, date and place of birth, marital status, Turkish ID number, etc.)
•    Contact Information (Email address, mailing address, phone number, etc.)
•    Location Data (If permission is granted via mobile applications, location data may be collected.)
•    Student Records (Data related to student requests and applications.)
•    Legal Records (Correspondence with judicial authorities, case file information, etc.)
•    Physical Security Data (Entry-exit records, security camera recordings, etc.)
•    Transaction Security Data (IP address, internet access logs, password and security details.)
•    Financial Data (Payment records, bank account details, promissory notes, etc.)
•    Professional Experience (Diplomas, training programs, certificates, transcripts, etc.)
•    Marketing Data (Service history, participation in fairs, surveys, cookie records, etc.)
•    Visual and Audio Data (Photographs, voice recordings, etc.)
•    Race and Ethnic Origin (Collected in cases such as Erasmus program applications.)
•    Philosophical Beliefs, Religion, Sect, and Other Beliefs (Religion field on identity documents.)
•    Health Information (Disability status, blood type, general health information.)
•    Criminal Record and Security Measures (Information related to criminal convictions and security-related measures.)
•    Demographic Data (Country, gender, age, preferred language, interests, etc.)
•    Social Media Data (Information shared via social networks and interactions on various social media platforms.)
•    Website Browsing Data (Pages visited on Işık University websites, referring websites, and clickstream behavior.)
For more details on data collection, refer to our Cookie Usage Policy.

Purpose of Personal Data Processing
Your personal data is collected and processed based on the legal conditions outlined in Articles 5 and 6 of Law No. 6698 for the following purposes:
•    Compliance with Higher Education Law and other relevant regulations,
•    Conducting educational, research, assessment, publication, and advisory activities,
•    Ensuring transparent and objective examination and evaluation processes,
•    Managing student accommodations, financial, and social rights,
•    Maintaining student records and academic services,
•    Promoting the university and sharing event information with the public,
•    Facilitating services for students, alumni, and prospective students,
•    Ensuring campus security, legal compliance, and occupational safety,
•    Fulfilling legal and regulatory obligations,
•    Providing healthcare services to students and staff,
•    Supporting alumni career planning, tracking alumni success, and creating alumni networks,
•    Organizing sports and extracurricular activities,
•    Enhancing university services and ensuring stakeholder satisfaction,
•    Conducting market research and promotional activities,
•    Managing legal, financial, and administrative operations,
•    Cooperating with international educational institutions,
•    Participating in scientific research, projects, and publications,
•    Complying with requests from judicial and administrative authorities,
•    Providing IT support and cybersecurity measures,
•    Managing disciplinary and academic processes,
•    Supporting internship and training agreements,
•    Conducting data analysis and reporting,
•    Ensuring business continuity and crisis management.
Your data is processed only for legitimate and lawful reasons as required by university regulations and national legislation.

How Do We Collect Your Data?
Your personal data is collected through:
•    Direct interactions via email, phone, university forms, websites, and applications,
•    Legal obligations via Higher Education Council (YÖK), ÖSYM, government systems,
•    University learning management systems, distance learning platforms,
•    Cookies and tracking technologies used on websites and applications,
•    Third-party service providers (security, IT, financial services),
•    International education collaborations for academic programs.
Your data is processed only for as long as necessary for legal compliance and operational needs.

Who Can Access Your Data?
Işık University does not sell, rent, or trade your personal data. It is only shared under the following conditions:
•    Legal obligations (YÖK, Ministry of Education, judicial authorities, tax offices, social security institutions),
•    Operational needs (security, IT, financial service providers),
•    Academic partnerships (internships, exchange programs, collaborative research),
•    Public safety and regulatory compliance (court orders, government audits),
•    Distance learning platforms, where necessary, involving international data transfer.
International transfers are only conducted in compliance with European GDPR standards and other legal requirements.

Your Rights Regarding Your Personal Data
You have the right to:
•    Learn whether your data is processed,
•    Request information on processed data,
•    Understand the purpose of processing and whether data is used accordingly,
•    Know third parties to whom your data is transferred,
•    Request corrections for incorrect or incomplete data,
•    Request deletion or anonymization under legal conditions,
•    Object to automatic decision-making,
•    Claim compensation for damages due to unlawful data processing.

How to Exercise Your Rights?
To submit a request, you may:
1.    Apply in person to the university with a sealed envelope labeled “Personal Data Protection Information Request.”
2.    Send a notarized request to the university’s address.
3.    Submit an electronically signed request via KEP (Registered Electronic Mail) to isikuniversitesi@hs01.kep.tr.
Your requests will be processed within 30 days, and if rejected, reasons will be communicated via email or postal mail.

Updates to Our Privacy Policy
If we make any significant changes to this policy, we will notify you via email, our website, or social media channels.
Publication Date: January 2020
 

Related Documents: