Version: 3.0
Updated Date: February 9, 2026
1. Law of Protection of Personal Data
Law of Protection of Personal Data number 6698 was accepted on 24th March, 2016 and published in the Official Gazette number 29677 on 7th April, 2016. Law took effect partially on publishing date, remaining part became effective on 7th October, 2016.
ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. (“Company”) is data controller within the scope of (ı) paragraph of 1st article of 3rd clause of Law of Protection of Personal Data number 6698. The electronic system used by the Company with the aim of data collection and processing within the scope of (ı) paragraph of 1st article of 3rd clause of Law of Protection of Personal Data is Data Recording System. Company collects the personal data for a definite, clear and legitimate reasons and process them in accordance with certain criteria. Within the scope of (ı) paragraph of 1st article of 3rd clause of Law of Protection of Personal Data, both the company as an institution and company employees work as data processor.
2. Aim of the Policy
Policy for Protection of Personal Data is setup to determine the rules and principles about operations and transactions concerning the data storage transactions to be done in ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. Company defines its priority as the processing of the personal data of customers, its employees, employee candidates, service providers, visitors and other third persons in accordance with the Turkish Constitutional Law, international agreements, Law of Protection of Personal Data number 6698 and other related regulations and rendering the related persons to use of their rights properly. Operations and transactions about the storage and deletion of personal data is realized in accordance with the Policy set up by the Company for this aim.
3. Scope of the Policy
Personal data of customers, its employees, employee candidates, service providers, visitors and other third persons are within the scope of this Policy and this Policy applies for all actions and in all recording mediums about processing personal data owned and managed by the Company.
4. Definitions
Anonymization : Depersonalizing of the personal data by linking them with other data so that they cannot be associated with a definite or identifiable Real Person by no means.
Open Consent: Consent expressed with free will about a definite topic depending on clarification.
Related Person: Real person of whose personal data is processed.
Personal Data: Any kind of data about a person whose identity is definite or identifiable.
Processing of Personal Data: Any kind of transaction made with the personal data; such as collection, recording, storage, conservation, change, rearrangement, declarance, transfer, taking over, rendering available, classification or preventing the use of data completely or partially with automatical or manual ways.
Data Processor: Real or corporate authorized person who processes the personal data in the name of the data controller.
Data Recording System: Recording system in which the personal data are processed in accordance with certain criteria.
Data Controller: Real or corporate person who determines the purposes and ways of personal data processing and is responsible for the establishment and management of data recording system.
Law/KVKK: Law of Protection of Personal Data number 6698.
Deletion of Personal Data: Deletion of personal data; rendering the personal data non-accessible and unusable by Related Users.
Disposal of Personal Data:Rendering the personal data non-accessible, non-restorable and unusable by anyone, anyway.
Special Quality Personal Data: Data of the real persons about race, ethnic background, political thought, philosophical beliefs, religion, sect or other beliefs, appearance, organization membership, health condition, sexual life, punishment conviction, safety precaution and biometric and genetic data.
5. Processing of Personal Data
ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. processes personal data of real persons in accordance with the 4th and 5th clauses of KVKK. Within this scope, it collects and processes the personal data of its customers, employees and other real persons who are connected in a business relationship. ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. is responsible to process and protect the personal data of the related real persons within the scope of Law of Protection of Personal Data number 6698 and related regulations.
Company processes the personal data within the scope of (a) (b) (c) (ç) and (d) paragraphs of 1st article of 4th clause of Law of Protection of Personal Data.
Company collects and processes the personal data in accorance with the rules below;
Processing in compliance with the Law and rule of Honesty: While processing the personal data, Company acts in accordance with the principles adopted with the legal regulations and general trust and honesty rules. Within this scope, Company does not use the personal data except from the determined processing purposes.
Ensuring the Accuracy and Actuality of the Personal Data When Required: Company provides the accuracy and actuality of the personal data it processes considering the basic rights and legitimate interests of the personal data owners.
Processing for Definite, Clear and Legitimate Purposes: Company defines its legitimate and lawful purpose for personal data processing explicitly and accurately. Company processes the personal data as much as and as long as it is required and related with providing domain name and other services.
To be Moderate, Limited and Related with the Processing Purpose: Company processes the personal data convenient for the realization of the determined purposes and avoids processing of the personal data which is not related or required for the realization of the defined purpose.
Storing as Long as it is Prescribed by the Related Regulations or Required for the Purpose it is Processed for: Company stores the personal info only for a period of time required for the processing purpose or prescribed in the regulations at most. In the case of expiration or disappearance of the reasons to process the data, Company deletes, destroys or anonymize the personal data.
Personal data and documents collected for domain name transactions and other transactions are stored in the database and backup system for the duration it is required to be presented to Turkish Courts in a case of a dispute.
6. Enlightening and Informing of the Personal Data Owner
Company enlightens the personal data owners while collecting the personal data in accordance with the 10th clause of Law of Protection of Personal Data. A copy of general clarification text is also available on www.metunic.com.tr. Within this scope, Company enlightens the personal data owner about the identity of the data controller, identity of the representative if available, purpose of the data process, with whom and for which purpose the personal info can be shared, method and legal cause of personal data collection and rights of the personal data owner considering the nature of the data owner and data processing procedure.
Cookies policy, general clarification text, privacy policy, open consent and enlightment texts together with this policy text can be found on the company website.
7. Deletion, Transfer and Anonymization of Personal Data
The personal data collected and processed by ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. should be deleted or anonymized within certain time duration as required by the Law of Protection of Personal Data and Regulation About Deletion, Disposal or Anonymization of Personal Data. Storage durations may vary depending on the operation to be carried and nature of the data.
In domain name registration processes, personal data, institutions, organizations and persons permitted by the provisions of the legislation; other third parties; our resident business partners at home and/or abroad, and the organizations we receive services from to carry out our company activities; it can be shared directly and/or indirectly with public institutions and organizations that we are legally liable for.
In accordance with the legislation to which our institution is subject, the relevant data can be transferred with the persons and institutions that have been given permission to request and obtain, within the framework of the personal data processing conditions and purposes specified in 8 and 9th Clause of KVKK.
Personal data can be shared with the new panel officer due to the inter-account transfer transactions to be made by the customer panel officer.
8. Data Subject Rights and Application Procedure
Data subjects whose personal data are processed have the rights set forth under Article 11 of the Law No. 6698 on the Protection of Personal Data (KVKK), including:
- To learn whether their personal data are processed,
- To request information if their personal data have been processed,
- To learn the purpose of the processing of personal data and whether such data are used in accordance with that purpose,
- To know the third parties to whom personal data are transferred domestically or abroad,
- To request the rectification of personal data if they are incomplete or inaccurate, and to request notification of such rectification to third parties to whom the data have been transferred,
- To request the deletion or destruction of personal data, even if processed in accordance with the KVKK and other applicable legislation, where the reasons requiring processing no longer exist, and to request notification of such action to third parties to whom the data have been transferred,
- To object to any result to the detriment of the data subject arising from the analysis of processed data exclusively through automated systems,
- To claim compensation for damages incurred due to unlawful processing of personal data.
Applications for exercising the above-mentioned rights must be submitted in writing, either by post with a wet-ink signature, via the Company’s Registered Electronic Mail (KEP) address using a secure electronic signature or mobile signature, or through the electronic mail address previously notified to and recorded in the Company’s systems by the data subject.
Applications that are not submitted in accordance with the procedures specified above, that do not allow for identity verification, or that do not include the information and documents required under the applicable legislation shall not be considered valid applications within the scope of the KVKK and shall not be processed.
Applications duly submitted in compliance with the applicable procedures shall be concluded within thirty (30) days at the latest, depending on the nature of the request.
9. Contact Information
Company Address: ODTÜ GV Bilgi Teknolojileri San. Ve Tic. A.Ş. (METUnic) Mustafa Kemal Mahallesi Dumlupınar Bulvarı No:280G/1104 Çankaya/ANKARA
E-mail Address: info@metunic.com.tr
Telephone : +90-312-9096628
METUnic is an ICANN Accredited Registrar.
