Protection and Processing of Personal Data

Version: 2.0
Updated Date: July 8, 2021

1. Law of Protection of Personal Data

Law of Protection of Personal Data number 6698 was accepted on 24th March, 2016 and published in the Official Gazette number 29677 on 7th April, 2016. Law took effect partially on publishing date, remaining part became effective on 7th October, 2016.

ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. (“Company”) is data controller within the scope of (ı) paragraph of 1st article of 3rd clause of Law of Protection of Personal Data number 6698. The electronical system used by the Company with the aim of data collection and processing within the scope of (ı) paragraph of 1st article of 3rd clause of Law of Protection of Personal Data is Data Recording System. Company collects the personal data for a definite, clear and legitimate reasons and process them in accordance with certain criteria. Within the scope of (ı) paragraph of 1st article of 3rd clause of Law of Protection of Personal Data, both the company as an institution and company employees work as data processor.

2. Aim of the Policy

Policy for Protection of Personal Data is setup to determine the rules and principles about operations and transactions concerning the data storage transactions to be done in ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. Company defines its priority as the processing of the personal data of customers, its employees, employee candidates, service providers, visitors and other third persons in accordance with the Turkish Constitutional Law, international agreements, Law of Protection of Personal Data number 6698 and other related regulations and rendering the related persons to use of their rights properly. Operations and transactions about the storage and deletion of personal data is realized in accordance with the Policy set up by the Company for this aim.

3. Scope of the Policy

Personal data of customers, its employees, employee candidates, service providers, visitors and other third persons are within the scope of this Policy and this Policy applies for all actions and in all recording mediums about processing personal data owned and managed by the Company.

4. Definitions

Anonymization : Depersonalizing of the personal data by linking them with other data so that they cannot be associated with a definite or identifiable Real Person by no means.

Open Consent: Consent expressed with free will about a definite topic depending on clarification.

Related Person: Real person of whose personal data is processed.

Personal Data: Any kind of data about a person whose identity is definite or identifiable.

Processing of Personal Data: Any kind of transaction made with the personal data; such as collection, recording, storage, conservation, change, rearrangement, declarance, transfer, taking over, rendering available, classification or preventing the use of data completely or partially with automatical or manual ways.

Data Processor: Real or corporate authorized person who processes the personal data in the name of the data controller.

Data Recording System: Recoring system in which the personal data are processed in accordance with certain criteria.

Data Controller: Real or corporate person who determines the purposes and ways of personal data processing and is responsible for the establishment and management of data recording system.

Law/KVKK: Law of Protection of Personal Data number 6698.

Deletion of Personal Data: Deletion of personal data; rendering the personal data non-accessible and unusable by Related Users.

Disposal of Personal Data:Rendering the personal data non-accessible, non-restorable and unusable by anyone, anyway.

Special Quality Personal Data: Data of the real persons about race, ethnic background, political thought, philosophical beliefs, religion, sect or other beliefs, appearance, organization membership, health condition, sexual life, punishment conviction, safety precaution and biometric and genetic data.

5. Processing of Personal Data

ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. processes personal data of real persons in accordance with the 4th and 5th clauses of KVKK. Within this scope, it collects and processes the personal data of its customers, employees and other real persons who are connected in a business relationship. ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. is responsible to process and protect the personal data of the related real persons within the scope of Law of Protection of Personal Data number 6698 and related regulations.

Company processes the personal data within the scope of (a) (b) (c) (ç) and (d) paragraphs of 1st article of 4th clause of Law of Protection of Personal Data.

Company collects and processes the personal data in accorance with the rules below;

Processing in compliance with the Law and rule of Honesty: While processing the personal data, Company acts in accordance with the principles adopted with the legal regulations and general trust and honesty rules. Within this scope, Company does not use the personal data except from the determined processing purposes.

Ensuring the Accuracy and Actuality of the Personal Data When Required: Company provides the accuracy and actuality of the personal data it processes considering the basic rights and legitimate interests of the personal data owners.

Processing for Definite, Clear and Legitimate Purposes: Company defines its legitimate and lawful purpose for personal data processing explicitly and accurately. Company processes the personal data as much as and as long as it is required and related with providing domain name and other services.

To be Moderate, Limited and Related with the Processing Purpose: Company processes the personal data convenient for the realization of the determined purposes and avoids processing of the personal data which is not related or required for the realization of the defined purpose.

Storing as Long as it is Prescribed by the Related Regulations or Required for the Purpose it is Processed for: Company stores the personal info only for a period of time required for the processing purpose or prescribed in the regulations at most. In the case of expiration or disappearance of the reasons to process the data, Company deletes, destroys or anonimize the personal data.

Personal data and documents collected for domain name transactions and other transactions are stored in the database and backup system for the duration it is required to be presented to Turkish Courts in a case of a dispute.

6. Enlightening and Informing of the Personal Data Owner

Company enlightens the personal data owners while collecting the personal data in accordance with the 10th clause of Law of Protection of Personal Data. A copy of general clarification text is also available on www.metunic.com.tr. Within this scope, Company enlightens the personal data owner about the identity of the data controller, identity of the representative if available, purpose of the data process, with whom and for which purpose the personal info can be shared, method and legal cause of personal data collection and rights of the personal data owner considering the nature of the data owner and data processing procedure.

Cookies policy, general clarification text, privacy policy, open consent and enlightment texts together with this policy text can be found on the company website.

7. Deletion, Transfer and Anonymization of Personal Data

The personal data collected and processed by ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. should be deleted or anonymized within certain time duration as required by the Law of Protection of Personal Data and Regulation About Deletion, Disposal or Anonymization of Personal Data. Storage durations may vary depending on the operation to be carried and nature of the data.

In domain name registration processes, personal data, institutions, organizations and persons permitted by the provisions of the legislation; other third parties; our resident business partners at home and/or abroad, and the organizations we receive services from to carry out our company activities; it can be shared directly and/or indirectly with public institutions and organizations that we are legally liable for.

In accordance with the legislation to which our institution is subject, the relevant data can be transferred with the persons and institutions that have been given permission to request and obtain, within the framework of the personal data processing conditions and purposes specified in 8 and 9th Clause of KVKK.

Personal data can be shared with the new panel officer due to the inter-account transfer transactions to be made by the customer panel officer.

8. Data Owner Rights

Rights of the real persons whose personal data is processed in accordance with the 11th Clause of KVKK are as belows;

To learn whether the personal data is processed or not; to request information if the personal data is processed; to learn the purpose of the processing of the personal data and whether the data is used for the determined purpose; to be informed about the third persons in or outside the country with whom the personal data is shared; to request the editing of the personal data if they are missing or faulty and to request the Company to inform the third parties about the correction; to request the deletion or disposal of the personal data, even if it is processed in accordance with the KVKK or other legal regulations, in the case of dissappearance of the reasons to process the data and request the Company to inform the third parties about the transaction; to object to a disadvantegous result arising from the analysis of the processed data by means of automatical systems; to demand the compensation of the loss in case of suffering a loss due to the illegal processing of the personal data.

You can apply to ODTÜ Geliştirme Vakfı Bilgi Teknolojileri San. Ve Tic. A.Ş. to use your rights stated above by writing a letter including your contact information. Your request will be concluded within 30 (Thirty) days at the latest.

9. Contact Information

Company Address: ODTÜ GV Bilgi Teknolojileri San. Ve Tic. A.Ş. (METUnic) Teknokent Gümüş Blok No:29 Çankaya/ANKARA
E-mail Address: info@metunic.com.tr
Telephone : +90-312-9096628