1. Identity of the Data Controller

Sayın İlgili, GRC LEGAL Hukuk Bürosu ve Danışmanlık Hizmetleri (Av. Mehmet ŞAHİN, VKN: 7930289436) (“GRC LEGAL” veya “Büro”) olarak, 6698 sayılı Kişisel Verilerin Korunması Kanunu’na (“Kanun”) uygun kalmak kaydıyla internet sitemizden doldurduğunuz İletişim Formu aracılığıyla otomatik yolla toplanan kimlik veri kategorisinde yer alan ad, soy ad, iletişim veri kategorisinde yer alan e-posta adresi ile mesleki deneyim veri kategorisinde yer alan şirket/kurum bilgisi tipindeki kişisel verileriniz aşağıda sayılı amaçlar ve sebepler dahilinde işlenmektedir.  


  1. Purposes and Legal Grounds for Processing Personal Data


Processing Purpose

Legal Reason


Meeting your complaints, suggestions or all kinds of requests,

– That you can be contacted,

– To be able to give information about office services,

– Execution of risk management processes,

– Ensuring the security of data controller operations,

– Receiving and evaluating suggestions for the improvement of business processes.

Pursuant to subparagraphs 5/2/c-f of the Law; provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract, and data processing is mandatory for the legitimate interest of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned


Professional Experience

  1. Transfer of Personal Data and Purposes of Transfer

Transfer Channel

Transfer Purpose

Legal Reason

Service provider business partners and suppliers authorised as data processors

Carrying out client relationship management processes and activities for client satisfaction, responding to requests and complaints

With reference to Art. 8/2/a of the Law; provided that it is directly related to the conclusion or performance of a contract, it is necessary to transfer the personal data of the parties to the contract.

If necessary, to authorised public institutions and organisations

Providing information to authorised persons, institutions and organisations and ensuring the security of data controller operations

With reference to Art. 8/2/a of the Law; It is mandatory for the data controller to fulfil its legal obligation.

  1. Related Person Rights

You may, at any time, contact GRC LEGAL to obtain the remedies arising from Article 11 of the Law: a) b) to learn whether personal data has been processed, c) to learn the purpose of processing personal data and whether personal data is used in accordance with its purpose, ç) to know the third parties to whom personal data is transferred domestically or abroad, d) to request correction of personal data in case of incomplete or incorrect processing, e) to request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7. f) to request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred, g) to object to the occurrence of a result against the person himself/herself by analysing the processed data exclusively through automated systems, ğ) In the event that personal data is damaged due to unlawful processing of personal data, you can request the compensation of the damage; You can request your rights.

You may submit your requests regarding your rights and the application of the Law by filling out the application form available at www.grc-legal.com or by us or by submitting the following minimum requirements; (i) You may submit your requests in wet signed form to “Gayrettepe, Yıldız Posta Cad. No:14 Emel Apt. 2/202 Beşiktaş/İstanbul” via notary public, by registered mail with return receipt requested at your discretion for ease of proof, or by your personal application, (ii) By sending an e-mail to kvkk@grc-legal.com using the e-mail address notified to the Office by you.

In the application that you have as a personal data owner and that you will make in order to exercise your rights mentioned above and that includes your explanations regarding the right you request to exercise; the matter you request must be clear and understandable, the subject you request must be related to your person or if you are acting on behalf of someone else, you will need to submit your special power of attorney certified by a notary public in this regard.

In accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller”, it is mandatory to include the following elements in your applications: name-surname, signature, Turkish ID number (nationality, passport number or ID number, if any, for foreigners), residential or workplace address for notification, e-mail address, telephone and fax number, subject of request. Applications that do not contain such elements will be rejected by GRC LEGAL and/or directed to valid application channels.

GRC LEGAL always reserves the right to make changes in this disclosure text for reasons arising from the Law, secondary regulations and Board decisions. The amendments to be made in the clarification text and the current text shall become effective immediately as of the date of notification to you.



This text was updated on 18.03.2024.