IICS Sites & Social Networking

 

IICS Sites & Social Networking

Protection-and-Processing-of-Personal-Data

CLARIFICATION TEXT AND INFORMATION FORM FOR PROTECTION AND PROCESSING OF PERSONAL DATA FOR ALL EDUCATION UNITS OF ISTANBUL INTERNATIONAL COMMUNITY SCHOOL 
 
This Clarification Text (also hereinafter shortly referred to as the Policy) has been prepared to provide elucidation regarding the protection and processing of the personal data on the part of all education units of İstanbul International Community School Eğitim ve Öğretim A.Ş. (İstanbul International Community School) (hereinafter referred to as the Institution collectively) to persons, whose personal data are processed.
 
With this Clarification Text, we aim to ensure transparency by informing persons, whose personal data are processed by our Institution, especially including students, graduates, students’ parents, potential students and their parents, our candidate employees and current employees, our visitors, employees of the institutions with which we corporate, and any other related third parties, pursuant to the Law on the Protection of Personal Data No. 6698 published in the Official Gazette, dated April 7, 2016 (hereinafter referred to as the "Law") and no. 29677. The Policy was established and arranged in accordance with the rules laid down under the relevant legislation and embodied in the context of Istanbul International Community School practices. In case of any discrepancy between the Legislation and the Policy in terms of processing and protection of personal data, the relevant legislation in force shall prevail. In case of any discrepancy between the text in Turkish, i.e. the main language of the Policy, and its translation into English, then the Turkish text should be taken into consideration.
 
1. ELUCIDATION AND INFORMATION OF THE PERSONAL DATA SUBJECT
 
In accordance with the Article 10 of the Law, our Institution elucidates personal data subjects during the acquisition of personal data. Within this scope, our Institution elucidates personal data subjects on our corporate identity, the purpose for which personal data will be processed, to whom and for which purposes the data processed may be transferred, and method and legal reason of collecting personal data, the rights to which the personal data subject is lawfully entitled pursuant to the Article 11 of the Law.
 
2 - CONSIDERATIONS FOR THE PROTECTION OF PERSONAL DATA
 
Our Institution takes the necessary technical and administrative measures in order to prevent unlawful processing of personal data, and unlawful access to data, as well as to ensure proper security level for retaining data, under the Article 12 of the Law.
 
The policy is published and announced to the public and to the persons concerned on our Institution’s website (http://www.iics-k12.net). This Policy is issued by our Institution on 31.06.2018. In case of any renewal of the entirety or certain items of the Policy, the date when they are published on our website shall be the effective date of the renewed items or sections.

 

  • ENSURING PERSONAL DATA SECURITY

 
Our institution takes the necessary legal, technical and administrative measures regarding the data security, and demonstrates utmost care for in this regard. The actions and measures taken by our Institution to ensure "data security" in accordance with Article 12 of the Law are stated hereunder.
 
• Our Institution takes any technical and administrative measures according to the technological capabilities and the cost of application in order to ensure lawful processing of personal data. Personnel is informed that they may not disclose any personal data they learn to any third party, or use them for any purpose other than the purpose of processing in breach of the provisions of the Law and that such obligation will survive their dismissal from the relevant position, and the necessary undertakings are obtained from such personnel accordingly.
 
• In order to prevent imprudent or unauthorized disclosure of, access to, transfer of or any other unlawful access to the personal data, our Institution takes technical and administrative measures depending on the nature of the data to be protected, the technological capabilities and the cost of application.
 
• Our Institution takes contractual measures in relation to the data processors, such as business partners and suppliers, to whom personal data are transferred, in order to prevent unlawful processing of personal data and unlawful access to data as well as to ensure lawful maintenance of such data.
 
• Our Institution takes technical and administrative measures depending on the technological capabilities and cost of application in order to ensure storage of personal data on secure media and prevent destruction, loss or modification of them for unlawful purposes.
 
2.2. RESPECTING THE RIGHTS OF THE DATA SUBJECT, DEVELOPMENT OF CHANNELS FOR CONVEYING REQUESTS TO OUR INSTITUTION, AND EVALUATION OF THE REQUESTS OF THE DATA SUBJECTS
 
In accordance with the Article 13 of the Law, our Institution operates the channels and the internal mechanisms, and makes the administrative and technical arrangements necessary to protect the rights of personal data subjects and to convey the required information to the personal data subjects.
 
Provided that the personal data subjects submit their claims in writing in relation to their rights as listed below to our Institution, our Institution concludes such claim free of any charge as soon as possible and at the latest within thirty days, depending on the nature of claim. However, in case the process requires any additional cost, our Institution shall charge the fee as specified by the Board of Protection of Personal Data (hereinafter referred to as the BPPD).
 
Personal data subjects have the right;
• to learn whether or not their personal data have been processed;
 
• to request information on the procedure, if personal data have been processed,
 
• to obtain information on the purpose of processing personal data and to learn whether personal data have been used in accordance with such purpose,
 
• to obtain information about the third persons to whom personal data were communicated domestically or abroad,
 
• if personal data have been processed in an incomplete and wrongful manner, to request remedy of the same, and to request that the third parties to whom personal data are transferred are also informed about the transaction executed in this regard,
 
• in cases where, the reasons requiring the personal data to be processed disappear, although they have been processed pursuant to the provisions of the Law and the other relevant laws, to request that their personal data are deleted or destroyed, and the third parties to whom personal data are transferred are also informed about the transaction executed in this regard,
 
• to object to the occurrence of any result, which is detrimental to the person concerned,
as a result of the analysis of the processed data exclusively through automatic system,
 
• in case any damages are incurred as a result of illegal processing of personal data, to request indemnification of damages.
 
You must submit your request for the exercise of the abovementioned rights to our Institution “in writing” or by any other methods determined by the BPPD in accordance with the Article 13§1 of the Law. If you submit your request to exercise any of your rights as specified above to our Institution together with the information necessary to determine your identity and your explanations as to your exercise of any of your rights, also specifying which of your rights under the Article 11 of the Law you wish to exercise, it would ensure that your Request would be responded more quickly and more effectively. 
 
As for your applications with the purposes of exercising your rights under the Article 11 of the Law, we explain below the channels and procedures by which you may convey your applications.
 
For your request including your explanations regarding your rights as specified in the Article 11 of the Law, after filling in the application form at http://www.iics-k12.net/component/content/article/60-about-us/581-information-request-on-protection-of-personal-data-law, you may deliver a signed copy of such form along with your identification documents either in person by hand, or via a notary public, or by any other method specified under the Law, to Nafibaba Sok. No:6 Sarıyer 34471 Istanbul Turkey, or you may e-mail the relevant form to iicshool@hs01.kep.tr  with secured e-signature.
 
2.3. PROTECTION OF PRIVATE PERSONAL DATA
 
As per the Law, data in relation to race, ethnic origin, political opinion, philosophic belief, religion, sect or other beliefs, appearance, membership to associations, foundations or unions, health, sexual life, imprisonment and security measures, and biometric and genetic data are defined as private personal data.
 
Our Institution takes utmost care towards protection of the private personal data that is defined as “of private nature” by the Law and processed in accordance with law. In this regard, our Institution implements any technical and administrative measures determined for the protection of personal data with regard to private personal data with care and any required inspections are made internally.
 
3– CONSIDERATIONS ON PROCESSING OF PERSONAL DATA
 
Our Institution performs processing of personal data in accordance with the Article 20 of the Constitution and the Article 4 of the Law, in compliance with the law and good faith principles, by pursuing accurate and when necessary up-to-date, and specific, explicit and legitimate goals, and in a manner that is related and limited with the relevant goal, and by acting proportionately. Our Institution stores personal data for a time as stipulated by the legislation or as required by the purpose of processing of personal data.
 
Our Institution processes personal data on the basis of one or more of the conditions as set out in the Article 5 of the Law on processing personal data.
 
Our Institution complies with the regulations stipulated for processing of the private personal data in accordance with the Article 6 of the Law. In accordance with the Articles 8 and 9 of the Law, our Institution complies with the regulations stipulated in the law with respect to the transfer of personal data, and indicated by the PPD.
 
3.1. PROCESSING OF PERSONAL DATA IN COMPLIANCE WITH THE PRINCIPLES STIPULATED BY THE LEGISLATION
 
In processing of personal data, our Institution is committed to the principles of processing personal data in accordance with the law and the principle of honesty, ensuring that the personal data is accurate and up-to-date when necessary, processing them with specific, explicit and legitimate goals, and storing them for the period as stipulated in the relevant legislation or the period required for the purpose of processing thereof.
 
3.2. PROCESSING OF PERSONAL DATA BASED ON AND LIMITED TO ONE OR SEVERAL OF THE CONDITIONS FOR PROCESSING PERSONAL DATA AS STIPULATED UNDER THE ARTICLE 5 OF THE LAW
 
Our Institution acts in accordance with the general principles set out in the Article 20 of our Constitution and the Article 4 of the Law for all kinds of personal data processing activities.
 
3.4. TRANSFER OF PERSONAL DATA
 
Our Institution may transfer the personal data and private personal data of personal data subjects to third parties (third party companies, entities or third party real persons) to the extent necessary to ensure the education and service standards and to ensure their continuity in line with personal data processing purposes and by taking the necessary security measures, acting in compliance with the regulations as stipulated under the Article 8 of the Law.
 
(i) Transfer of Personal Data to Abroad
 
Our institution may transfer the personal data and private personal data of personal data subjects to third parties within the scope of education and training requirements, lawfully, and by taking the necessary security measures.
 
Personal data may be transferred by our Institution to such foreign countries, which are declared by the BPPD  to have sufficient level of protection (“Foreign Country with Sufficient Level of Protection”), or in cases where sufficient level of protection does not exist, to the third persons who are resident in such foreign countries that the data supervisors in Turkey and in the relevant foreign country have given an undertaking in writing about establishing   the sufficient level of protection and for which the BPPD has given permission (“Foreign Country with Data Supervisor Responsible for the Sufficient Protection”). In this regard, our Institution complies with the regulations set out in the Article 9 of the Law.
 
3.4. BUILDING AND FACILITY ENTRANCES, PERSONAL DATA PROCESSING ACTIVITIES IN BUILDINGS AND FACILITIES, AND WEBSITE VISITORS
 
In order to ensure the security of students, parents, employees and campus on the part of our Institution, surveillance operation with security camera and personal data processing activities for the follow-up of the guest entries and exits are carried out in the campus entrances and exits, in the buildings and facilities. Our Institution carries out personal data processing activities through the use of security cameras and recording of the guest entries and exits. Our Institution takes imagery data recording of our guests via the camera and monitoring system at the building and the facility entrances and within the facility.
 
The camera and monitoring activities by our Institution are carried out in accordance with the Law on Private Security Services and the respective legislations.
 
Only a limited number of Institution employees have access to the records and the images stored and maintained in the electronic medium. On the other hand, live camera images can be viewed by the security officers of the company to which such services are outsourced. The limited number of persons who have access to such records represent that they will protect the confidentiality of the data they obtain by signing confidentiality undertakings.
 
In accordance with the Article 12 of the Law, our Institution takes the necessary technical and administrative measures required to ensure the security of the personal data obtained as a result of surveillance with the camera.
 
Except for the abovementioned camera record, our Institution processes personal data regarding the follow-up of the guest entries and exits in our buildings and facilities in order to provide data security and for the purposes set out in this Policy.
 
3.5. CONDITIONS FOR DELETION, ELIMINATION AND ANONYMIZATION OF THE PERSONAL DATA
 
In the event that the reasons, which require data processing to be carried out, cease to exist, personal data shall be deleted, eliminated or anonymized based on the decision of the Institution or on the request of the personal data subject, as stipulated in the Article 138 of the Turkish Criminal Code No. 5237 and the Article 7 of the Law No. 6098.
 
In order to fulfill its obligation in this regard, our Institution internally has taken the necessary technical and administrative measures and has developed the necessary operating mechanisms, and it trains and employs the relevant business units and raises their awareness in accordance with such obligations.
 
Personal data subjects are elucidated in this regard when full name of the persons visiting our Institution’s premises are obtained, or by means of the texts which are placed on the boards of our Institution or otherwise are accessible to the guests. The data obtained in order to perform guest entry-exit follow-up is only processed for this purpose or the relevant personal data are recorded in the data recording system in the physical environment.
 
As for our corporate web sites, Internet traffic within the website are recorded through technical means (for example, cookies, etc.) in order to ensure that persons who visit these websites make their visits in accordance with their visiting purposes, provide them with customized contents demonstrations, and carry out online advertising activities.
 

The detailed information related with the protection and processing of personal data in connection with these activities carried out by our Institution are included in the texts of the "Website Privacy Policy" of the relevant websites.

Apply Today

 
 

IICS Newsletter

Welcome to the IICS Newsletter Subscription Option. To receive our news and updates click subscribe..

Subscribe

If you wish to subscribe to our newsletter please click the subscribe button .
Receive
IICS compatible