Privacy Policy

Effective: June, 2025

Thank you for being part of Campus Arc. At Campus Arc, we greatly value your privacy and are committed to protecting your personal data.


This Privacy Policy applies to all types of users of our platform (website and related services) – including students, community leaders/members, company representatives, and instructors – and explains what data we collect, how we use it, with whom we share it, and how we safeguard it.


By using Campus Arc, you agree to this Privacy Policy and its terms. If you do not agree to this Privacy Policy or any other agreement governing your use of Campus Arc, you may not use Campus Arc.


1. Personal Data We Collect and How We Collect It

When you use the Campus Arc platform or sign up as a member, we collect various types of personal data from you through different means. Below are the categories of data we collect, along with explanations and examples:


2. How We Use Personal Data (Purposes of Processing)

We use the personal data we collect for the following purposes:


3. Legal Bases for Processing Personal Data

We process your personal data on one or more of the following legal grounds, as permitted by applicable data protection laws (including KVKK):

Different processing activities may rely on different bases. For example:

Campus Arc will only process personal data when there is a valid legal basis to do so. If we ever need to process your personal data for a new purpose not covered by an existing legal basis, we will notify you and obtain your consent if required.


4. Sharing and Transfers of Personal Data

We do not sell or rent your personal data. However, we may share your personal data with third parties in certain scenarios, consistent with the purposes outlined above and as permitted by law:


5. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website to enhance your experience and to collect usage data for improvement of our services. Our use of cookies is described in detail in our Cookie Policy, but we provide a summary here:


At this time, we utilize only essential cookies on our site. Essential cookies are necessary for the website's core functionality – for example, to keep you logged in during a session or remembering your preferences. These cookies do not require your consent under KVKK or other privacy laws because they are needed for the service you explicitly request (using our site). We do not use these cookies for analytics or advertising purposes.


We may also use third-party tools like Google Analytics, which involve cookies that collect information about how visitors use our site. Google Analytics, for instance, collects data such as your IP address and device information and provides us with aggregated analysis. We have configured Google Analytics to anonymize IP addresses to protect individual privacy. Importantly, we seek your consent for any analytics cookies: when you first visit our site, you will see a cookie notice where you can consent to or decline analytics cookies. We will not load or use such cookies unless you opt in.


As of the latest update of this policy, we do not use any advertising cookies or tracking pixels on our site. If in the future we decide to implement cookies beyond essential and basic analytics, we will update our Cookie Policy and obtain any necessary consents from you as required by law.


You have control over cookies through your browser settings. You can delete or disable cookies, but please note that doing so might affect certain functionalities of our website. For more detailed information on the cookies we use and how to manage them, please refer to our Cookie Policy.


6. Data Security Measures

We employ a range of technical and organizational measures to protect the personal data we hold from unauthorized access, alteration, disclosure, or destruction. Our website uses TLS/SSL encryption to secure data transmission. We store data on secure servers with robust firewall protection and apply access control mechanisms to ensure that only authorized personnel can access personal data (on a need-to-know basis). We also regularly monitor our systems for possible vulnerabilities and attacks, and we test and update our security measures as needed.


Despite our efforts, no website, database, or system is completely secure or "hacker-proof." The security of your data also depends on you. We encourage you to use unique and strong passwords for your Campus Arc account and to keep your login credentials confidential. If you suspect any unauthorized access to your account, please notify us immediately so we can help secure it.


We have a data breach response plan in place. If we ever experience a data breach that affects your personal data, we will promptly notify you and the relevant authorities as required by law (for example, in Türkiye, we would notify the Personal Data Protection Authority, as required by KVKK). We will provide information on the nature of the breach, the data affected, and any steps we have taken or recommend you take to protect yourself. We are committed to transparency and proactive communication in the unlikely event of a security incident.


7. Data Retention Periods

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations. The exact duration for which we keep your data can vary depending on the type of data and the reason we have it. Here is a general overview:

When we no longer have a legitimate need to keep your personal data, we will either delete it or anonymize it (so that it can no longer be associated with you). For example, data that has been aggregated and anonymized may be retained for analytical purposes, but it will no longer be linked to any individual. We also periodically review the data we store, and erase or anonymize data that is no longer needed.


Please note that when you delete your account or specific data, it may not be immediately removed from all our systems. Due to the nature of backups and caching, your data may remain in encrypted backups or stored in secure archives for a certain period until those backups are cycled out or overwritten. We maintain backup systems for reliability and disaster recovery purposes, and removing data from backups is done according to our backup retention schedule. Rest assured, we treat any data in backups with the same level of security and will delete or anonymize backup data as well when we update our backups.


8. Third-Party Links and Integrations

Campus Arc may contain links to third-party websites or integrate third-party services (like a single sign-on feature using a social network account). If you click on a link to a third-party site or use a third-party service via our platform, you will be directed to that third party's website or service. The fact that we link to a site or service is not an endorsement or representation of any affiliation with that third party, nor is it an endorsement of their privacy or security policies or practices.


We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. For example, if a student club on our platform links to their official external website or if a sponsor's link is provided on an event page, any data you provide to or that is collected by that external site is governed by that site's privacy policy, not this one. We strongly encourage you to review the privacy policy of every site you visit or service you use.


If we offer a feature that lets you interact with Campus Arc through a third-party service (for instance, logging in via Google or another platform in the future), any data collected by that third party during such interaction (like your login credentials for that service or profile info shared from that account) will be processed under that third party's terms. We will, of course, only implement such features in a way that respects your privacy (asking for only the minimum necessary data), and we will explain clearly what information would be shared in the process, so you can make an informed decision.


9. International Data Transfers

As mentioned, we may transfer and store your personal data on servers located outside of your home country, including outside of Türkiye. Whenever we transfer personal data out of Türkiye, we ensure that appropriate safeguards are in place to comply with Turkish data protection requirements. For transfers to countries that the Turkish Data Protection Authority has not deemed to provide an adequate level of data protection (which currently includes countries like the United States), our primary basis is your explicit consent obtained in accordance with KVKK.


We inform you of the transfer and possible risks, and we ask for your consent, typically during registration or in the relevant consent form (Açık Rıza Metni). You have the right to refuse or withdraw that consent, although doing so may limit certain functionalities (for example, we might not be able to create an account if we can't use our cloud servers to store your data).


In addition to consent, we also take other measures: we work with reputable service providers that participate in international data protection frameworks or have robust privacy and security certifications (for instance, many of our providers maintain certifications like ISO 27001 and SOC 2). We have data processing agreements in place with them that include standard contractual clauses (as adopted in jurisdictions like the EU) or equivalent, obligating them to protect your data to a high standard, regardless of where it is processed.


Our providers are only allowed to process your data to provide services to us and cannot use it for their own unrelated purposes. It's important to note that when data is stored in a foreign country, it might be subject to that country's laws (for example, in rare cases, government authorities in that country could lawfully request access to data for national security or law enforcement reasons). By giving consent to international transfer, you acknowledge that you understand such potential risks.


We will, however, do everything in our power to select service providers and solutions that minimize these risks and to push back against any unlawful or overbroad request for data (within the bounds of applicable law). If in the future Türkiye's data protection authority or laws allow for transfers under a different mechanism (such as an adequacy decision or approved certification mechanism) we may rely on those. We will update our practices and this policy accordingly when relevant.

10. Your Rights and Choices

Under applicable data protection laws (including KVKK), you have certain rights regarding your personal data. We are committed to honoring your rights and have provided mechanisms for you to exercise them. These rights include:

To exercise any of these rights, you can contact us at contact@campusarc.com. Please clearly state your request and the specific right you wish to exercise. For your protection, we may need to verify your identity before fulfilling your request (especially for access, deletion, or copy requests) to ensure that we do not disclose your data to someone else. Verification might involve confirming that you have access to the email associated with your account or requesting additional information as needed.


We aim to respond to all legitimate requests promptly and in any event within the timeframe required by law (which is generally 30 days under KVKK). If we need more time to respond (due to complexity or number of requests), we will inform you of the reason and extension period.


There may be situations where we cannot fully comply with your request, such as:

We will explain the reasons in our response if we deny any part of your request.


In addition to these rights, you have choices that you can exercise directly:


If you have concerns about how we handle your data or your requests, you have the right to lodge a complaint with the relevant data protection authority. For instance, in Türkiye, the relevant authority is the Personal Data Protection Authority (KVKK). If you reside in the European Economic Area (EEA) or another jurisdiction, you may have the right to file a complaint with your local supervisory authority for data protection. We would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any issues and we will do our best to resolve them.


11. Effective Date and Changes to this Policy

This Privacy Policy is effective as of June, 2025. We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices or to comply with legal requirements. If we make material changes, we will notify you by updating the policy on our website and changing the "last updated" date, and if the changes are significant, we may also notify you via email or through a notice on the Platform.


It's important that you review any updated Privacy Policy, as your continued use of the Platform after the effective date of the changes will be deemed acceptance of those changes. If you do not agree with the changes, you should stop using the Platform and may delete your account. We will always indicate the date the last changes were published and what those changes were, to keep you informed.


In case of any inconsistency between this Privacy Policy and the KVKK-mandated Aydınlatma Metni (the Turkish Privacy Notice) provided to users, the terms of the Aydınlatma Metni will prevail for Turkish users as it contains specific disclosures required under Turkish law. However, both documents are meant to be consistent and complement each other.


If you have any questions or concerns about this Privacy Policy or our data handling practices, you can reach us at contact@campusarc.com. We value your privacy and will continue to take all necessary steps to protect it. Thank you for trusting Campus Arc with your personal data.