(“Policy”) is to comply with the Law No. 6698 on the Protection of
Personal Data (“Law”), to users of the Sekoya Application, parent users,
parents of prospective students, business partners, suppliers, visitors,
is to specify how to process and protect personal data of employees,
employee candidates, graduates and third parties.
stored within the "Institution" of Sekoya Teknoloji Ticaret Limited
Şirketi; The provisions and principles in the policy apply to all kinds of
sensitive information and documents related to identified or identifiable
natural persons, which can be accessed physically or digitally.
2. Our Commitment
The "Institution" attaches the highest importance to the protection of the
privacy of personal data; undertakes to abide by the following principles:
- Processing personal data in accordance with the law and honesty rules,
- Keeping personal data accurate and up-to-date when necessary,
- Processing personal data for specific, explicit and legitimate purposes,
- Related, limited and measured processing of personal data for the
purpose for which they are processed,
- Keeping personal data for as long as required by the relevant
legislation or for the purpose for which they are processed,
- Enlightening and informing personal data owners,
- Establishing the necessary system for personal data owners to exercise
- Taking the necessary measures in the protection of personal data,
- To act in accordance with the relevant legislation and KVK Board
regulations in the transfer of personal data to third parties in line with
the requirements of the processing purpose.
3. Our Responsibilities under the Law
It acts in accordance with the conditions specified in this Policy,
attaches importance to information security. It acts in accordance with
the rules regarding privacy within the scope of the "Institution". All
known or suspected privacy-related issues are immediately reported to the
3.2. Data Committee
It organizes regular information security training seminars in order to
improve the qualifications and technical knowledge/skills of the employees
and to raise awareness within the scope of the Law. It ensures that the
disciplinary procedures to be applied for employees who violate this
Policy and confidentiality procedures are implemented. It immediately
examines the suspected privacy-related notifications from the employees,
takes precautions and notifies the Personal Data Protection Board if there
is a violation.
3.3. Information Technology Suppliers
The competencies of our business partners, from whom we supply the systems
in which personal data are processed and managed, and the compliance of
the services, applications and services received with the KVKK are
evaluated and controlled by the "Institution".
4. Our Personal Data Processing Rules within the Institution
4.1 Personal Information is processed fairly and lawfully and only
processes and uses data that serves its legitimate business purposes. In
this context; acts enlightening in its relations with students, parents,
prospective students and parents, third parties, suppliers and their
employees, business partners, employees and employee candidates for whom
personal data is processed, and informs them about the purposes for which
they process data.
4.2. Personal Information is used only for the purpose of informing the
party whose personal data is processed. In this context, it processes only
sufficient, relevant and only necessary Personal "Information".
4.3 Except for the purpose, no personal data is collected, requested and
non-essential information is not recorded.
4.4 "Enterprise" ensures that Personal Data is accurate and up-to-date. It
updates its records through the systems in line with the request for a
change in the person's information.
4.5 Personal data is stored only for as long as required by the relevant
legislation or for the purpose for which they are processed. The
institution firstly; determines whether a period is foreseen for the
storage of personal data in the relevant legislation, acts in accordance
with this period if a period is determined, takes into account the legal
and criminal statutes of limitations and stores personal data for the
period required for the purpose for which they are processed. Personal
data is deleted, destroyed or anonymized within the first periodical
period in case the period expires or the reasons requiring its processing
4.6. Through the administrative and technical measures taken by the
Institution, accidental / unauthorized disclosure, theft, damage, natural
disasters such as fire, flood, earthquake, loss, alteration, etc. takes
the necessary measures to protect it from the causes. Makes necessary
4.7 Train employees and parties on information security and privacy
principles and responsibilities, and have confidentiality agreements
signed. Implements the necessary administrative and technical measures.
4.8 In case of transfer, it signs confidentiality agreements with its
suppliers/business partners, ensures that its supplier/business partners
have security measures in accordance with the processes required by the
Law, and performs audits on the relevant company if data is processed by
transferring through systems.
5. Measures Regarding the Security of Your Personal Data
The "Institution" takes necessary measures and audits to ensure
appropriate conditions and minimum security level in order to ensure that
Personal Data is not processed unlawfully, that personal data is not
illegally accessed, and that personal data is preserved, in accordance
with the conditions stated in this Policy with Law No. 6698. . In this
context; ensuring the confidentiality, integrity and accessibility of
personal data and unauthorized access, destruction, use, alteration,
disclosure or loss, etc. In order to protect it against risks, it protects
personal data with appropriate controls and computer systems at
operational, functional and strategic levels.
6. Sanctions for Violation of Policy
In case of violation of this policy, the administrative manager who
notices the violation should be notified immediately. The "Institution"
reserves the right, at its sole discretion, to impose disciplinary
sanctions, terminate employment contracts, suspend or take legal action
against persons who violate the Policy, and to make claims regarding
persons who violate the policy and do not fulfill other requirements
related to the protection of personal data.
The "Institution" makes the sanction decision by considering the
Disciplinary Provisions of the Personnel Regulations and legal conditions.