BIM.PR.28 — Turnstile System

Document NoBİM.PR.28
Version1.0
First Published26.04.2026
Owner GroupNetwork & Security Group + Student Affairs Directorate
CoordinationGeneral Secretariat, Security Directorate
ApproverMehmet ARARAT — IT Director
Legal BasisKVKK Art.5-6, Art.10 · Law No. 5188 (Private Security Services) · TCK Art.135 · ISO/IEC 27001:2022 A.7.2-7.4
Related DocumentsKYS.POL.01 P10 (Physical Security), P26 (Visitor Reception), KYS.POL.03 (KVKK), KYS.POL.05

1. Purpose and Scope

Governs the operation of the turnstile system at Hasan Kalyoncu University campus entry/exit points, the personal data processed, card management, visitor access and KVKK compliance.

2. System Description

A card + mobile QR code hybrid turnstile system is used on campus.

  • Student/Staff card (RFID) → entry by card scan
  • Mobile QR code → dynamic QR via HKU Mobile app

3. Data Processed

Data Source Purpose
National ID Number Matching table (not on card) Identity verification
Student number / Staff registration number Card / QR Access authorisation
Entry/exit timestamp Turnstile Campus security, attendance tracking
Class schedule (student) OBS integrated In-building authorised area control

4. Legal Basis

  • KVKK Art.5/2-ç (expressly required by law: Law No. 5188 Private Security)
  • KVKK Art.5/2-f (legitimate interest: campus security)
  • Privacy notice: https://it.hku.edu.tr/desk-aydinlatma/ and printed at entry points

5. Retention

Under KYS.POL.05 Art.8.1 retention table:

  • Entry/exit records: 2 years (compliant with Law No. 5651, “Operational Security” category)
  • Automatic anonymisation/deletion upon expiry

6. Lost / Stolen Card

User Application Fee
Student Student Affairs Directorate Charged (current tariff)
Staff HR Directorate Per policy

Card is deactivated immediately; a temporary 3-day QR code may be issued.

7. Visitor Access

  • Registration at reception + ID check
  • Single-use temporary QR code (valid 24 hours)
  • Visitor list retained for 6 months (KYS.POL.05 Art.8.1 — Physical Security category)

8. KVKK Data Subject Rights

Under KVKK Art.11, students/staff may request access, correction or deletion of their own entry/exit records. Requests are submitted to kvkk@hku.edu.tr or KEP hasankalyoncu.unv@hs01.kep.tr; the KVKK Commission responds within 30 days.

9. Violation

KYS.POL.04 Art.55. Unauthorised card use, card sharing and creation of fake QR codes may constitute an offence under TCK Art.135.

10. Effective Date

26.04.2026; revised January/July.


Hasan Kalyoncu University · IT Directorate
Osmanlı Mah. Havaalanı Yolu Üzeri 8. Km 27010 Şahinbey/Gaziantep
444 6 458 · destek@hku.edu.tr · destek.hku.edu.tr · portal.hku.edu.tr
KEP: hasankalyoncu.unv@hs01.kep.tr

Share