PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA

1. Purpose and Scope of Privacy Policy

The purpose of the Privacy Policy on the Processing of Personal Data (“Policy”) is to comply with the Law No. 6698 on the Protection of Personal Data (“Law”), to users of the Sekoya Application, parent users, parents of prospective students, business partners, suppliers, visitors, is to specify how to process and protect personal data of employees, employee candidates, graduates and third parties.

Our Privacy Policy covers all personal data processed, transferred and stored within the "Institution" of Sekoya Teknoloji Ticaret Limited Şirketi; The provisions and principles in the policy apply to all kinds of sensitive information and documents related to identified or identifiable natural persons, which can be accessed physically or digitally.

2. Our Commitment

The "Institution" attaches the highest importance to the protection of the privacy of personal data; undertakes to abide by the following principles:

- Processing personal data in accordance with the law and honesty rules,

- Keeping personal data accurate and up-to-date when necessary,

- Processing personal data for specific, explicit and legitimate purposes,

- Related, limited and measured processing of personal data for the purpose for which they are processed,

- Keeping personal data for as long as required by the relevant legislation or for the purpose for which they are processed,

- Enlightening and informing personal data owners,

- Establishing the necessary system for personal data owners to exercise their rights,

- Taking the necessary measures in the protection of personal data,

- To act in accordance with the relevant legislation and KVK Board regulations in the transfer of personal data to third parties in line with the requirements of the processing purpose.

3. Our Responsibilities under the Law

3.1. Employees

It acts in accordance with the conditions specified in this Policy, attaches importance to information security. It acts in accordance with the rules regarding privacy within the scope of the "Institution". All known or suspected privacy-related issues are immediately reported to the Data Committee.

3.2. Data Committee

It organizes regular information security training seminars in order to improve the qualifications and technical knowledge/skills of the employees and to raise awareness within the scope of the Law. It ensures that the disciplinary procedures to be applied for employees who violate this Policy and confidentiality procedures are implemented. It immediately examines the suspected privacy-related notifications from the employees, takes precautions and notifies the Personal Data Protection Board if there is a violation.

3.3. Information Technology Suppliers

The competencies of our business partners, from whom we supply the systems in which personal data are processed and managed, and the compliance of the services, applications and services received with the KVKK are evaluated and controlled by the "Institution".

4. Our Personal Data Processing Rules within the Institution

4.1 Personal Information is processed fairly and lawfully and only processes and uses data that serves its legitimate business purposes. In this context; acts enlightening in its relations with students, parents, prospective students and parents, third parties, suppliers and their employees, business partners, employees and employee candidates for whom personal data is processed, and informs them about the purposes for which they process data.

4.2. Personal Information is used only for the purpose of informing the party whose personal data is processed. In this context, it processes only sufficient, relevant and only necessary Personal "Information".

4.3 Except for the purpose, no personal data is collected, requested and non-essential information is not recorded.

4.4 "Enterprise" ensures that Personal Data is accurate and up-to-date. It updates its records through the systems in line with the request for a change in the person's information.

4.5 Personal data is stored only for as long as required by the relevant legislation or for the purpose for which they are processed. The institution firstly; determines whether a period is foreseen for the storage of personal data in the relevant legislation, acts in accordance with this period if a period is determined, takes into account the legal and criminal statutes of limitations and stores personal data for the period required for the purpose for which they are processed. Personal data is deleted, destroyed or anonymized within the first periodical period in case the period expires or the reasons requiring its processing disappear.

4.6. Through the administrative and technical measures taken by the Institution, accidental / unauthorized disclosure, theft, damage, natural disasters such as fire, flood, earthquake, loss, alteration, etc. takes the necessary measures to protect it from the causes. Makes necessary system backups.

4.7 Train employees and parties on information security and privacy principles and responsibilities, and have confidentiality agreements signed. Implements the necessary administrative and technical measures.

4.8 In case of transfer, it signs confidentiality agreements with its suppliers/business partners, ensures that its supplier/business partners have security measures in accordance with the processes required by the Law, and performs audits on the relevant company if data is processed by transferring through systems.

5. Measures Regarding the Security of Your Personal Data

The "Institution" takes necessary measures and audits to ensure appropriate conditions and minimum security level in order to ensure that Personal Data is not processed unlawfully, that personal data is not illegally accessed, and that personal data is preserved, in accordance with the conditions stated in this Policy with Law No. 6698. . In this context; ensuring the confidentiality, integrity and accessibility of personal data and unauthorized access, destruction, use, alteration, disclosure or loss, etc. In order to protect it against risks, it protects personal data with appropriate controls and computer systems at operational, functional and strategic levels.

6. Sanctions for Violation of Policy

In case of violation of this policy, the administrative manager who notices the violation should be notified immediately. The "Institution" reserves the right, at its sole discretion, to impose disciplinary sanctions, terminate employment contracts, suspend or take legal action against persons who violate the Policy, and to make claims regarding persons who violate the policy and do not fulfill other requirements related to the protection of personal data.

The "Institution" makes the sanction decision by considering the Disciplinary Provisions of the Personnel Regulations and legal conditions.