GENERAL DISCLOSURE TEXT ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

“Gayrettepe, Yıldız Posta Cad. No:14 Emel Apt. 2/202 Beşiktaş/İstanbul” (Av. Mehmet Şahin, VKN: 7930289436) (“GRC LEGAL” or “Office”), we show maximum sensitivity to the security of your personal data. With this awareness, we attach great importance to the processing and preservation of personal data belonging to natural persons with whom we interact in accordance with the Law No. 6698 on the Protection of Personal Data (“Law” or “KVKK”), secondary regulations (regulations, communiqués, etc.) and binding decisions taken by the Personal Data Protection Board.

With the full realisation of this responsibility, in the capacity of “Data Controller” as defined in the Law, we process your personal data as explained below and within the limits prescribed by the legislation; by providing all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to ensure the protection of personal data.

With this clarification text, GRC LEGAL aims to announce the personal data of the relevant persons with whom it is in contact while performing its main field of activity on its website in full compliance with the principle of transparency, and with this text, GRC LEGAL makes a clarification notification within the scope of personal data processing activities within the scope of its main activity and business activities.

  1. Information on the Data Controller

As a law firm with an international vision and a functioning corporate culture, GRC LEGAL, under the leadership of its founder Av. Mehmet Şahin and with its competent staff, helps its clients and clients to achieve their growing future in a way that can be developed and strengthened with objective, accountable, effective, efficient and effective legal consultancy and advocacy services.

  1. Purposes of Processing Personal Data

Your personal data are processed by the Office for the purposes listed below within the framework of the limits specified in the Law, in accordance with the law, honesty rules and always in connection, limited and measured manner for these purposes;

  • Carrying out the necessary work by GRC LEGAL’s business units in order to fulfil the commercial activities carried out by the Office in accordance with the legislation and GRC LEGAL policies and carrying out activities in this direction,
  • Determining, planning and implementing the short, medium and long term commercial policies of the Bureau,
  • Managing customer relations, corporate communication and information security processes,
  • Ensuring the commercial and legal security of real and legal persons with whom GRC LEGAL has a business relationship, providing legal counselling services,
  • Execution of service sales processes and consultancy services,
  • Carrying out business and business continuity activities and service production & operation processes,
  • Carrying out the processes of risk management and ensuring the security of data controller operations.
  1. Method and Legal Grounds for Collection of Personal Data

Your personal data is processed by GRC LEGAL directly from the information transmitted by you verbally, in writing or electronically, through the website and similar applications and software used within the scope of GRC LEGAL activities; fully or partially automatically or non-automatically, provided that it is part of any data recording system.

In this context, the personal data of general nature classified below are processed based on the legal reasons listed in Article 5 paragraph 2 of the Law. While creating the following classification, both the execution of GRC LEGAL business processes and the execution of GRC LEGAL website activities have been taken into consideration, and the necessary clarifications and/or consent notifications for each process and operation of GRC LEGAL are notified to the relevant groups of persons in the form of gradual clarification or by various means.

 

Data Category

Data Type

Legal grounds for processing

1.

Identity

Name-surname, parents’ name, mother’s maiden name, date of birth, place of birth, marital status, Turkish ID number, passport number, age, place of registration, photograph, nationality-citizenship information, gender, signature

It is processed on the basis of the legal grounds set out in Article 5/2 of the LPPD; a) it is explicitly stipulated by law, c) it is mandatory to process personal data belonging to the parties to the contract due to the fact that it is directly related to the establishment or performance of a contract, ç) data processing is mandatory for the data controller to fulfil its legal obligation, d) it is publicised by the data subject himself/herself.

2.

Contact

Address, e-mail address, telephone number

3.

Legal Action

Information in correspondence with judicial authorities, information in the case file, warrants, wage attachment information, legal proceedings information, enforcement proceedings information, intellectual and industrial rights information, property information.

As stipulated in Article 5/2 of the LPPD; a) it is explicitly stipulated in the laws, c) it is mandatory to process personal data of the parties to a contract due to the fact that it is directly related to the establishment or performance of a contract, ç) data processing is mandatory for the data controller to fulfil its legal obligation.

4.

Customer Transaction

(Client/Client Data)

Invoice, bill, cheque information, personal data obtained in relation to clients, employees or other notified persons of clients or consultants

It is processed on the basis of the legal grounds set out in Article 5/2 of the LPPD; a) it is expressly stipulated by law, c) it is mandatory to process personal data belonging to the parties to the contract due to the fact that it is directly related to the establishment or performance of a contract, ç) data processing is mandatory for the data controller to fulfil its legal obligation.

5.

Process Security

IP address information, website login-exit information, log records.

It is processed on the basis of the legal reason that data processing is mandatory for the legitimate interests of the Office, provided that it does not harm the fundamental rights and freedoms of the person concerned, which is stated in Article 5/2/f of the PDPL.

6.

Risk Management

Information processed for the management of commercial, technical and administrative risks, audit and inspection records and reports, requests and complaints, information collected on events that have the potential to affect the client or consultant company, company employees, company shareholders, etc.

7.

Finance

(Client/Client Data)

Balance sheet information, financial performance information, credit and risk information, asset information, debit and credit balance, financial movement information

It is processed on the basis of the legal grounds set out in Article 5/2 of the LPPD; a) it is expressly stipulated by law, c) it is mandatory to process personal data belonging to the parties to the contract due to the fact that it is directly related to the establishment or performance of a contract, ç) data processing is mandatory for the data controller to fulfil its legal obligation.In line with your request, the purpose of processing each category of personal data and data type will be detailed and communicated to you through the personal data inventory kept within the Office.

All disclosure texts specific to the website processes can be accessed under the PLPD heading on our website.

 

  1. Transfer of Personal Data and Purpose of Transfer

In order to achieve the above-mentioned purposes and to ensure the uninterrupted execution of GRC LEGAL commercial operations and business processes, your personal data may be transferred domestically based on the legal grounds of your explicit consent in Article 8/1 of the Law, in addition to this, in accordance with Art. 8/2/a of the Law; based on the legal reasons that data transfer is mandatory for the legitimate interests of the data controller, provided that it is expressly stipulated in the laws, it is mandatory for the data controller to fulfil its legal obligation, data transfer is mandatory for the establishment, exercise or protection of a right, and data transfer is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, it may be transferred to the following persons by applying all necessary technical and administrative measures for data security.

  • Legally authorised public institutions and organisations, judicial and administrative authorities,
  • Private law legal entities and real persons permitted by other legislation,
  • Business partners from whom services are received or cooperated for the execution and development of the activities of the Office, and GRC LEGAL suppliers when necessary,

In this regard, you can withdraw the explicit consent you have given for the transfer at any time and consult the authorities of the Office. The relevant disclosure and consent texts are communicated to the persons concerned in the form of gradual disclosure or by various means specific to GRC LEGAL processes and activities.

  1. Rights of Relevant Persons under the Law

You may, at any time, contact GRC LEGAL to obtain the remedies arising from Article 11 of the Law: a) b) to learn whether personal data has been processed, c) to learn the purpose of processing personal data and whether personal data is used in accordance with its purpose, ç) to know the third parties to whom personal data is transferred domestically or abroad, d) to request correction of personal data in case of incomplete or incorrect processing, e) to request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7. f) to request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred, g) to object to the occurrence of a result against the person himself/herself by analysing the processed data exclusively through automated systems, ğ) In the event that personal data is damaged due to unlawful processing of personal data, you can request the compensation of the damage; You can request your rights.

You can submit your requests regarding your rights and the application of the Law by filling out the application form available at www.grc-legal.com or by us or by fulfilling the minimum conditions written below;

  1. “Gayrettepe, Yıldız Posta Cad. No:14 Emel Apt. 2/202 Beşiktaş/İstanbul” via notary public, by registered mail with return receipt requested at your discretion for ease of proof, or by your personal application,
  2. By sending an e-mail to kvkk@grc-legal.com using the e-mail address notified by you to GRC LEGAL and registered in the GRC LEGAL system.

In the application that you have as a personal data owner and that you will make in order to exercise your rights mentioned above and that includes your explanations regarding the right you request to exercise; the matter you request must be clear and understandable, the subject you request must be related to your person or if you are acting on behalf of someone else, you will need to submit your special power of attorney certified by a notary public in this regard.

In accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller”, it is mandatory to include the following elements in your applications: name-surname, signature, Turkish ID number (nationality, passport number or ID number, if any, for foreigners), residential or workplace address for notification, e-mail address, telephone and fax number, subject of request. Applications that do not contain such elements will be rejected by GRC LEGAL and/or directed to valid application channels.

All registered or unregistered intellectual property rights such as title, business name, trademark, patent, logo, design, information and method contained in this Site belong to the site operator and owner company or the specified person concerned and are under the protection of national and international law. Visiting this Site or using the services on this Site does not give any rights to the intellectual property rights in question. The information contained on the Site may not be reproduced, published, copied, presented and/or transferred in any way. The whole or part of the Site cannot be used on another website without permission.

All GRC LEGAL employees are equipped with awareness training on the Law on the Protection of Personal Data, are periodically informed and have the notion of confidentiality. GRC LEGAL acts with awareness and sensitivity in all activities carried out by GRC LEGAL and in the life cycle of personal data within GRC LEGAL.

GRC LEGAL always reserves the right to make changes in this disclosure text for reasons arising from the Law, secondary regulations and Board decisions. Updates to be made from time to time due to operational requirements do not require any prior notification and include all services and products, pages, information and visual elements. Changes to be made in the clarification text and the current text will become effective immediately as of the date of notification to you.

 

Each person who visits the website www.grc-legal.com is deemed to have accepted the above-mentioned terms. GRC LEGAL reserves the right to change all products and services, pages, information, visual elements on the Site without prior notice.

 

This text was updated on 18.03.2024.