DATA PROTECTION AND PRIVACY POLICY

1. Purpose

The purpose of this policy is to ensure that personal data processed by the Young Volunteers Association is protected, privacy is maintained, and data processing activities comply with the Turkish Personal Data Protection Law (KVKK) No. 6698 and the EU General Data Protection Regulation (GDPR).

2. Scope

This policy covers all personal data processed regarding:

  • Members
  • Volunteers
  • Children and youth
  • Donors
  • Staff
  • Project participants
  • Website users

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual
  • Special Category Data: Sensitive information such as health, biometric data, ethnic origin
  • Data Processing: Collecting, recording, storing, or transferring data
  • Data Subject: A natural person whose personal data is processed

4. Core Principles

  • Process data lawfully and fairly
  • Collect data for specific, explicit, and legitimate purposes
  • Use data in a limited and proportionate manner
  • Ensure accuracy of data
  • Retain data only as long as necessary
  • Ensure data security

5. Types of Data Processed

  • Identification information (name, surname, etc.)
  • Contact information (phone, email)
  • Education and profession information
  • Visual and audio records
  • Digital usage data (IP, cookies)

6. Special Category Data

  • Health information
  • Sensitive data related to children

These data are processed only:

  • With explicit consent
  • When legally required
  • With additional security measures

7. Purposes of Data Processing

  • Managing volunteer and membership processes
  • Conducting project activities
  • Organizing training and events
  • Communication and information sharing
  • Fulfillment of legal obligations
  • Website and digital platform management

8. Data Collection Methods

  • Website forms
  • Email and phone communication
  • Event and project applications
  • Physical documents
  • Digital platforms

9. Consent and Transparency

  • Data subjects are provided clear and understandable information
  • Explicit consent is obtained when necessary
  • Consent can be withdrawn at any time

10. Data Security

  • Prevent unauthorized access
  • Implement technical and administrative measures
  • Store data in secure systems
  • Train staff and volunteers

11. Data Sharing

  • Under legal obligations
  • With project partners when necessary
  • With authorized public authorities

Sharing with third parties is limited and controlled.

12. Data Retention

  • Data is retained only as long as necessary
  • After the retention period, data is deleted, destroyed, or anonymized

13. Data Subject Rights

  • Access their data
  • Request corrections
  • Request deletion
  • Object to processing
  • Request data portability

14. Children's Data

  • Children's data is protected with special care
  • Parental consent mechanisms applied when necessary
  • Actions comply with the Child Protection Policy

15. Breach Procedure

  • Immediate action in case of data breach
  • Notifications are made as required
  • Risk mitigation measures are taken

16. Cookie Usage

  • Cookies may be used on the website
  • Users are informed
  • Consent is obtained when necessary

17. Responsibilities

Board of Directors: Ensures policy implementation

Data Processors: Act according to rules

All Stakeholders: Ensure data security

18. Training and Awareness

  • Conducts data protection training
  • Informs volunteers and staff

19. Monitoring and Updating

  • Policy is regularly updated
  • Compliance with legislation is monitored

20. Effective Date

This policy takes effect on the date it is approved by the Board of Directors of the Young Volunteers Association.

21. Commitment

The Young Volunteers Association commits to protecting personal data and ensuring privacy in compliance with national and international standards.