Özyeğin University Employee Clarification Document Pursuant to the Law No: 6698 On the Protection of Personal Data

1. Data Controller

This Clarification Document has been prepared by Özyeğin University (hereinafter referred to as the "University") to inform you about the processing, storage, and transfer of your personal data during the provision of our services, within the scope of Law No. 6698 on the Protection of Personal Data (hereinafter Law) and relevant legislation.

Your personal data is processed by Özyeğin University, as the Data Controller, for the purposes explained below.

2. Definitions, Legal Grounds and Reasons for Processing Personal Data

The following personal data of data subjects are obtained by the University through printed or online/electronic forms, personal declarations by data subjects, emails, and website systems.

Identity Information: Name and surname, date of birth, place of birth, gender, nationality, marital status, citizenship, ID number, copy of the ID Card, social security number, registration number, and for foreign nationals: passport number
Contact Information: Phone number, e-mail address, permanent address, emergency contact’s name, surname, and contact details
Personnel Information: Military service status certificate, statement of employment, discharge statement, monthly contribution and service document, social security institution occupation code, cumulative tax base statement issued by the former employer, extract of civil registry record, if available, claims for tax relief, education documents, academic certificates, declarations of family status, position/title
Professional Experience: Academic and administrative resume, foreign language certificates, proof of professional experience
EDP Security: IP Address, MAC Address, Internet Login Information without any transmitted or stored data content, username, password (encrypted), log records Financial Information Bank Details, Salary, Payroll
Audio-Visual Records: Photographs, CCTV Records
Legal Information: Garnishment, or litigation information pertaining to the University or the employment relation,
Health: Health certificate, disability information, blood type
Physical Space Security: Entry-Exit Logs
Criminal Conviction and Security Measures Data: Criminal conviction data, criminal record

Your personal data will be processed by the University in accordance with the purposes and terms stipulated for data processing in Article 5 and 6 of Law No:6698.

• Based on the legal ground that data processing is necessary for the legitimate interests of the data controller, so long as such processing does not harm the fundamental rights and freedoms of the Data Subject (PPDL, Article 5, clause f.2.f);
  • To enable our units to fulfill their roles and responsibilities to help you benefit from the University’s services, to promote the University and its activities, and to offer the relevant individuals access to the University’s goods and services,
  • To inform university students/faculty/staff about academic and administrative processes, and send University-related announcements/daily updates to institutional email addresses via MyOzU, the University’s internal communication channel;
  • To list, report, verify, analyze, and evaluate; to produce statistical and scientific information; to analyze your usage patterns on our website, mobile applications, and other communication channels, and to customize these channels,
  • To set and execute the University’s commercial and business strategies; and to that end, to determine and undertake the University’s financial operations, communication, market research and social responsibility activities, purchasing operations (purchasing requests, bid collection, evaluation, order, budgeting, contract); to perform internal system and application management operations, and to manage the University’s legal operations,
• Based on the legal ground that such processing is necessary for the data controller to fulfill its legal obligations (PPDL, Article 5, clause f.2.ç):
  • To fulfill the educational, inspectional, or any other miscellaneous roles and responsibilities required by the Higher Education Law, the relevant secondary regulations, and the Higher Education Council (YÖK),
  • To meet legal obligations and the demands or requirements of judicial or authorized regulatory bodies including to maintain the safety of life and property of Özyeğin University students/faculty/staff/visitors, to take the necessary measures for public health, or to ensure compliance with the requirements stipulated hereunder,
  • To comply with other obligations for storing, reporting, and providing information stipulated by the legislation, relevant regulatory institutions, and other authorities, or to ensure compliance with the obligations stipulated in the Legislation,
  • To execute court rulings,
  • To fulfill the lawful requests of public bodies and authorized institutions, to provide information as required by the legislation, and to ensure legal compliance,
• Based on the legal ground that processing of personal data of the parties of a contract is necessary, so long as it is directly related to the establishment or performance of the contract (PPDL, Article 5, clause f.2.c):
  • To maintain the teaching-learning, scientific research, publication, and consultancy activities,
  • To perform work, to establish and protect rights, to review commercial and legal processes, to complete the legal compliance process, and to manage financial operations within the framework of the contracts awarded with or ongoing operations performed in cooperation with people or organizations with whom/which the University have business relations,
• Based on the legal ground that data processing is necessary for the establishment, exercise, or protection of any right (PPDL, Article 5, clause f.2.e),
  • To establish the University’s educational rights arising from its educational activities within the scope of the higher education legislation, and the University’s internal/sub-legislations that are in compliance with the law; to prepare and issue ID Cards; and to complete academic and administrative procedures,
• Based on the legal ground that it is expressly provided for by the laws, and is necessary to fulfill legal obligations, and perform the employment contract (PPDL, Article 5, clause f.2.a)
  • To implement the University’s Human Resources policies; and to that end, to make sure that the following operations are performed in accordance with the University’s Human Resources policies:
  • To recruit suitable employees for open positions,
  • To fulfill obligations and take the necessary administrative or legal measures within the framework of the Labor Law, the Social Security Law, and other miscellaneous labor legislations as well as occupational health and safety,
  • To perform the employment contract you signed with our University, and to manage the labor law relationship between the employer and the employee,
  • To manage information security processes, to complete the inspection and professional and publication ethics activities,
  • To approve your leave requests, to display your leave entitlements, to arrange your leaves, and to complete your termination or payroll proceedings,
  • To pay your salaries,
  • To create your personnel file,
  • To complete SSI registrations,
  • To calculate R&D incentives,
• Based on the legal ground that it is necessary to fulfill legal obligations pertaining to employment, occupational health and safety, social security, social services and social aid (PPDL Law, Article 6, clause f.3.b)
  • To take health precautions on the university campus,
  • To conduct internal audit, investigation, and intelligence activities,
  • To report to the authorized persons, institutions, and organizations,
  • To report occupational accidents to legal authorities or to complete occupational health and safety proceedings,
• Based on the legal ground that explicit consent is granted;
  • To use audio-visual records,
  • To share congratulation and/or condolence announcements via MyOzU.

3. Transfer of Processed Personal Data

Your collected and/or recorded personal data will be disclosed to business partners, public service bodies and institutions such as the Higher Education Council, the Social Security Institution, Civil Defense System, Ministry of National Defense, and Turkish Employment Agency (İŞKUR); ministries; legally authorized public institutions such as judicial bodies; and where permitted by the legislations, partner consultants, institutions, third parties, partner organizations, payment system institutions, cloud computing service providers located abroad, private health and life insurance providers, university physicians, checkup institutions and laboratories for the purposes of maintaining the University’s teaching-learning activities, ensuring the legal and commercial security of the people with whom our University has a business relationship, ensuring physical security and inspection both indoors and outdoors at the University’ facilities and buildings, providing you with transportation or vehicles, printing business cards for you, having you registered for parking facilities, providing you with side benefits or additional amenities, sending you gifts or free shipments, undertaking the legal compliance processes, completing financial operations, or determining and executing commercial and business strategies within the framework of the terms and conditions for personal data processing stipulated in Article 8 and 9 of the Law No:6698.

4. Personal Data Collection Methods

Your personal data are collected through written/online applications submitted via websites (including job applications), social media, call centers, printed forms, the inquiry of criminal records, the Social Security registrations, Post Office, internet logs, emails you use at our University, shipments/mail deliveries, references and other similar methods, documents submitted to the authorized units for record keeping purposes, surveillance cameras that ensure physical security, consultancy companies, and channels through which our University contacts you. Collected personal data are kept for a legal period defined by the effective laws.

5. Legal Rights of the Data Owner

You may submit a request regarding your rights as the data owner, using one of the methods explained below. The University will proceed and conclude your request within 30 business days depending on the nature of the request. No fees will be assessed for the response.

On this note, you are entitled to the following regarding your personal data:

• To learn whether or not your personal data has been processed, and if processed, to request information about such processing,
• To inquire the reason for why your personal data is processed and whether or not your data has been used for the intended purposes,
• To know the third persons to whom your personal data has been disclosed at home or abroad as well as the reason and content of such disclosure,
• To have your personal data rectified if it is incomplete or inaccurate, or if the data has already been transferred to third parties, to have such rectifications notified to the respective third party that received the personal data,
• To request the erasure or destruction of your personal data in a case in which the reasons for processing such data are no longer valid, even if such data has been processed in accordance with the provisions of Law No:6698 and other relevant laws, or if the data has already been transferred, to have such erasure/destruction notified to the respective third party that received the personal data,
• To object to any negative consequences that might arise out of or in connection with an analysis performed on the processed personal data, using exclusively automated systems,
• To demand compensation as per effective laws for any losses incurred due to the illegal processing of your personal data.

For your applications and requests regarding your personal data, you can fill out the Data Subject Application Form and submit it through the following channels:

• By mail to the University’s address: “Nişantepe District, Alemdağ/Çekmeköy 34794, Istanbul”, with your physical signature and a copy of your identity card,
• In person with a valid ID card at the University’s address: “Nişantepe District, Alemdağ/Çekmeköy 34794, Istanbul”,
• By email at privacy@ozyegin.edu.tr with your mobile signature or secure electronic signature,
• By email at the University’s registered email address (KEP) at ozyeginuniversitesi@hs1.kep.tr, with your secure electronic signature or mobile signature,
• By email at privacy@ozyegin.edu.tr via your email address registered in the Özyeğin system, with your signature,

As per Communiqué on the Principles and Procedures for the Request to Data Controller, it is mandatory for the Data Subject to include the following information in their application: name, surname, signature if the application is in writing, Turkish identification number (passport number if the applicant is a foreign national), residential or workplace address for notification purposes, electronic mail address for notification purposes, if available, telephone number, fax number, and information regarding the subject of the request.

In their applications submitted to exercise the aforementioned rights, the Data Subject must clearly and explicitly specify the subject matter of the request and provide sufficient information regarding the right they seek to exercise. The required application information and documents must also be included in the application.

The subject of the request must pertain to the applicant personally. If acting on behalf of another, the applicant must be specifically authorized and must provide documentation of such authorization (power of attorney). Furthermore, the application must include the applicant's identity and address information, along with documents verifying the applicant's identity. Requests made by unauthorized third parties on behalf of others will not be considered.