ÖZEL ISPARTAKULE SUN ANAOKULU [FULYA KOÇALİ] (the “School”), acting as Data Controller under Law No. 6698 on the Protection of Personal Data (the “Law” / KVKK), the European Union General Data Protection Regulation (“GDPR”) and related legislation, may process your personal data within the framework explained in detail below.
Collection and Processing of Personal Data and Processing Tools
Collection of Personal Data
The personal data you share with our School may be collected verbally, in writing or electronically, by automated or non-automated means, through offices, branches, the call center, the website, social media channels, SMS channels, mobile applications and business/program partners.
Cookies may be used to provide our services better and to tailor content to individual needs and interests. Disabling cookies in your browser does not prevent the use of the services on the website; however, it may lead to certain technical issues. Cookies are also used to collect general and statistical information about the use of the site. Our detailed cookie policy is available on our website.
Personal data may also be collected from digital environments such as the School’s websites, software and applications offered on computers and smart devices, and social media accounts managed by persons authorized to provide services on behalf of the School.
Image recordings of our visitors are captured via camera monitoring systems at the entrances of and inside the buildings and facilities of our School. This monitoring activity is carried out for purposes such as improving service quality, ensuring security, safeguarding the safety of students and other persons, and protecting students’ interests in relation to the services they receive. The detailed privacy notice regarding camera monitoring activities is available on our website.
Processing of Personal Data
The School may process your personal data of special and general categories — above all your health data — for the purposes indicated:
Your Identity Information
Your name, surname, Turkish ID number, passport number or temporary Turkish ID number, place and date of birth, marital status, gender and other identity data that may identify you.
Your Contact Information
Your address, telephone number, email address and other contact details; voice call recordings kept by customer representatives or the call center; data you send to us via email, letter or other channels; and personal data obtained when you contact us.
Family Members and Next-of-Kin Information
Identity information regarding the data subject’s children and spouse.
Your Bank Account Information
Your bank account number, IBAN number, the portion of your credit card information shown on the slip, billing information and other financial data.
Physical Premises Security Information
Data obtained from continuously recorded camera footage around and inside our School building.
Legal Transaction Information
Information requests submitted by judicial and administrative authorities and data arising from audits and inspections; CV and job application data for school employees or candidates; personal data related to employment contracts; and private health insurance and Social Security Institution data for the purpose of financing and planning educational services.
Marketing Information
Data used to improve services or for targeting; cookie records; surveys completed by our parents; letters of thanks and complaints; satisfaction assessments and similar notifications.
Special Categories of Personal Data
Data obtained due to legal requirements or as a necessity of the service provided; race, health data, data on criminal convictions and security measures; biometric data.
Processing of Personal Data of Minors (Children)
The personal data of students enrolled at our School who are under the age of 18 (minors) are processed within the framework of the provisions of the Law and related legislation.
Parental Consent and Responsibility
The explicit consent of the parent or legal representative is required for the child’s personal data to be processed.
Our School obtains written consent from the child’s parent or legal representative and does not carry out any processing outside the scope specified in the consent form. Processing activities relating to the child’s health data are carried out as required by health measures and applicable legislation.
Special Protections for Children’s Health Data
Health information of children enrolled at our School (vaccination status, allergies, chronic illnesses, medication use, dietary restrictions, etc.) is collected and stored securely.
This data is processed in order to protect the child’s health, to enable life-saving interventions in emergencies, and to provide educational services safely.
Access to health data is granted only to authorized school personnel.
The data is processed in accordance with the provisions of the Regulation on the Processing and Privacy of Personal Health Data.
The Child’s Rights
Information about operations concerning the child’s personal data is provided to the child’s parent or legal representative. The parent or legal representative has the right to:
- Learn whether the child’s data is being processed,
- Request the correction of incomplete or inaccurate data,
- Request the deletion of the data.
All requests regarding the child’s data must be made only by the parent or legal representative.
Social Media and Digital Environments
Children’s photographs, videos and other personal data shared on the School’s social media accounts and in AI-based promotional or educational tools are used within the scope of the written consent of the parent or legal representative.
Upon the parent’s request, the child’s image and personal information will not be shared on social media.
Data Security Measures
Children’s personal data is protected under the highest security standards.
Access to the data is limited to authorized personnel within the school.
Data is securely deleted when the purpose of processing ceases to exist or when the statutory retention period expires.
Purposes of Processing Personal Data
The personal data you share may be processed for the following purposes:
- Carrying out the necessary work to enable you and/or the institutions or organizations you represent to benefit from the products and services offered by our School, determining and implementing the School’s commercial and business strategies, and conducting marketing, business development and planning activities, including but not limited to these,
- Ensuring the physical security and supervision of locations used by our School,
- Establishing and conducting relationships with business partners, parents and suppliers (their authorized persons or employees),
- Carrying out contractual requirements and financial reconciliation processes regarding products and services offered together with our business partners, suppliers or other third parties,
- Fulfilling legal and administrative obligations and monitoring human resources policies,
- Carrying out the necessary processes when you call our call center, use our website and/or participate in trainings, seminars or events organized by our School,
- Monitoring the development and educational processes of child students and providing guidance and psychological counseling services,
- Protecting the student’s health and ensuring educational safety,
- Processing students’ visual and audio data within — and transferring such data to — artificial intelligence (AI) tools, applications and systems in order to improve the School’s educational quality, analyze learning processes, develop personalized educational materials, or create AI-based promotional content.
Retention of Personal Data
Your personal data is stored in electronic and/or physical environments. To prevent the personal data obtained and stored by our School from being exposed to unauthorized access, manipulation, loss or damage, the necessary measures are implemented in the design of business processes and the development of the technical security infrastructure.
Your personal data will be processed with all necessary information security measures in place — provided it is not used outside the purpose and scope notified to you — and will be retained for the statutory retention period or, if no such period is prescribed, for the period required by the purpose of processing. At the end of this period, your personal data will be removed from the School’s data flows by deletion, destruction or anonymization.
Our School has adopted the principle of acting lawfully when sharing data with business and solution partners. Data sharing with business and solution partners is carried out under confidentiality undertakings and only to the extent required by the service. These parties are obligated to take the necessary measures regarding data security.
In accordance with Law No. 6563 on the Regulation of Commercial Communications and Electronic Commerce and the related regulations, commercial electronic messages for advertising purposes may only be sent to persons who have given prior approval. The explicit approval of the recipients is mandatory. Our School complies with the approval procedures set out in the applicable legislation. This approval may be obtained in writing in the physical environment or through any means of electronic communication.
If a contractual relationship has been established with our parents or prospective parents, the personal data collected may be used in connection with the purpose of the contract without seeking separate parental approval. However, personal data voluntarily shared by prospective parents is processed to provide them with easier and higher-quality service; if no contractual relationship exists, this data is deleted upon their request.
Data reaching our School is entered into the system only to the extent necessary; excess information is not recorded, and is deleted or anonymized. This data may be used for statistical purposes.
Your personal data listed above may be processed within the framework of Law No. 5580 on Private Education Institutions, Basic Law No. 1739 on National Education, the Regulation on Preschool Education Institutions, the Regulation on the Processing and Privacy of Personal Health Data, the regulations of the Ministry of National Education and other applicable legislation; it may be transferred to physical archives or information systems belonging to laboratories, relevant institutions and organizations and/or our suppliers. Data is kept under protection in both digital and physical environments.
Transfer of Personal Data
Our School may transfer personal data domestically or abroad where the conditions for transfer exist, in accordance with the provisions set out in Articles 8 and 9 of Law No. 6698 on the Protection of Personal Data and the additional rules determined by the Personal Data Protection Board.
The transfer of personal data to third parties within the country may be carried out by our School provided that at least one of the data processing conditions set out in Articles 5 and 6 of the Law exists and the data processing principles are complied with.
The transfer of personal data to third parties abroad may be carried out on the basis of the data processing conditions set out in Articles 5 and 6 of the Law, provided that one of the following conditions is met:
- your explicit consent exists,
- or the data controller in the relevant country provides a written undertaking of adequate protection together with our School, and
- the Personal Data Protection Board authorizes the transfer.
You can find the conditions and detailed information regarding the transfer of your personal data in the “Personal Data Protection and Processing Policy” available on our School’s website.
| Party Shared With | Scope | Purpose of Transfer |
| Business Partner | Parties with whom the School establishes business partnerships while conducting its commercial activities | Sharing of personal data limited to ensuring the fulfilment of the purposes for which the business partnership was established |
| Supplier | Parties providing services for the continuation of the School’s commercial activities, in line with the School’s instructions and based on a contract with the School | Transfer limited to the procurement of outsourced services from the supplier |
| Affiliate | Companies that are affiliates of the School | Transfer of personal data limited to the conduct of commercial activities requiring the participation of affiliates |
| Legally Authorized Public Institution | Public institutions and organizations legally authorized to obtain information and documents from the School | Sharing of personal data limited to the information request purposes of the relevant public institutions and organizations |
| Legally Authorized Private Entity | Private-law persons legally authorized to obtain information and documents from the School | Sharing of data limited to the purpose requested by the relevant private-law persons within their legal authority |
Disposal of Personal Data
Although processed in accordance with the provisions of the applicable law, when the reasons requiring processing cease to exist, our School may delete, destroy or anonymize personal data on its own initiative or upon the request of the data subject.
The deletion and destruction methods we use include:
- Physical destruction,
- Secure software-based deletion,
- Secure deletion with expert support.
Our School may anonymize lawfully processed personal data when the reasons requiring its processing cease to exist. Anonymization of personal data means rendering the data incapable of being associated with an identified or identifiable natural person under any circumstances, even if matched with other data.
Pursuant to Article 28 of Law No. 6698 on the Protection of Personal Data, anonymized personal data may be processed for purposes such as research, planning and statistics. Such processing falls outside the scope of the Law, and the explicit consent of the data subject is not required.
The anonymization methods most frequently used by our School are data masking, aggregation, data derivation and data shuffling.
Detailed information on the methods of disposal of personal data is available in the “Personal Data Retention and Disposal Policy” document on our website.
Cases Where Personal Data May Be Processed Without Explicit Consent (Article 5 of the KVKK)
Pursuant to Article 5 of Law No. 6698 on the Protection of Personal Data, your personal data may be processed without explicit consent in the following cases:
- Where it is expressly provided for by law.
- Where it is necessary for the protection of the life or physical integrity of a person who is unable to give consent due to actual impossibility, or whose consent is not legally valid, or of another person.
- Where it is necessary to process the personal data of the parties to a contract, provided that it is directly related to the conclusion or performance of that contract.
- Where it is necessary for the data controller to fulfil its legal obligations.
- Where the data has been made public by the data subject themselves.
- Where data processing is necessary for the establishment, exercise or protection of a right.
- Where data processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
- Where data processing is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of the financing of health services.
Data Security
Our School attaches great importance to the protection of your personal data. In this context, your personal data is secured against potential risks within our technical and administrative capabilities, in accordance with information security standards and procedures. A security infrastructure of the highest level has been established, particularly for children’s personal data.
Your Rights Regarding the Protection of Your Personal Data
Pursuant to Article 11 of Law No. 6698 on the Protection of Personal Data, you may exercise the following rights regarding your personal data:
- To learn whether your personal data is being processed; if so, to request information about it, and to learn the purpose of processing and whether the data is used in accordance with that purpose,
- To know the third parties to whom personal data is transferred, whether domestically or abroad,
- To request the correction of incompletely or inaccurately processed data,
- To request that operations regarding the correction and/or deletion or destruction of your personal data — where processed incompletely or inaccurately — be notified to the third parties to whom the data has been transferred,
- To object to adverse outcomes that may arise from processing exclusively through automated systems,
- To request compensation for damages in case of loss arising from processing contrary to the Law and applicable legislation.
As the child’s parent or legal representative, you may exercise all of these rights in relation to the child’s personal data.
To exercise your rights, fill in the Data Subject Application Form available on our website and submit it by one of the following methods:
- Delivering it by hand, with a wet-ink signature, to the address of the school from which you received services,
- Sending it by notary or registered return-receipt mail,
- Or sending a Word or PDF file signed with a secure electronic signature to e-posta.
Where you exercise your right to learn whether personal data is processed, to request information if it has been processed, to learn the purpose of processing and whether the data is used in accordance with that purpose, or to know the third parties to whom personal data is transferred domestically or abroad, the information will be provided to you in writing or electronically, free of charge, in a clear and comprehensible manner, as soon as possible and within thirty days at the latest, depending on the nature of your request. However, if the process requires an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Authority.
When evaluating applications, our School first establishes whether the applicant is the genuine rights holder. Where it deems necessary, it may request additional information to better understand the request.
Responses to data subject applications are communicated to you in writing or electronically. If an application is rejected, the grounds for rejection will be explained to you clearly and with reasons.
