As the Data Controller, Middle East Technical University (METU) places great importance on the security of personal data processed in accordance with Law No. 6698 on the Protection of Personal Data (KVKK). To ensure this, all necessary technical and administrative measures are taken, and regular audits are conducted.

Personal data are retained as long as the purpose of data processing remains valid. Appropriate security precautions are implemented to prevent the loss of stored and recorded data, unauthorized access, and unlawful use.

In the processing of personal data, the University adheres to the general principles outlined in Article 4 of the Law, which include:

Compliance with the law and the principles of good faith,

Being accurate and, where necessary, up to date,

Being processed for specific, explicit, and legitimate purposes,

Being relevant, limited, and proportionate to the purposes for which they are processed,

Being retained only for as long as prescribed by relevant legislation or necessary for the purposes for which they are processed.