in Legal Success
Clarification Text Regarding Processing Personal Data Within The Framework of The Law on Protection of Personal Data No. 6698
Purpose and Scope of The Clarification Text
The purpose of the clarification text is, in accordance with the importance attached to personal data by Attorney Mustafa GUNES Law Firm (“Company“); to reveal the approach of the Company on the protection and processing of personal data of clients and website visitors (“Data Subject“) within the scope of the Personal Data Protection Law (“KVKK“) and inform the data subject accordingly.
Data mentioned in the Clarification Text Regarding Processing Personal Data (“Text“) are processed automatically or non-automatically if registered in the data recording system.
Principles Regarding Personal Data and Processing of Personal Data
Under the guarantees provided by Article 20 of the Constitution and Article 4 of the KVKK, Company processes your personal data according to the following principles:
- Following the laws and in good faith,
- Accurate and updated when necessary,
- For specific, explicit, and legitimate purposes,
- Related to the purpose,
- In a limited and measured way,
- To keep it for the period stipulated by laws or as required by the processing of personal data,
- Based on one or more of the provisions specified in Article 5 of the KVKK.
Per Article 20 of the Constitution and Article 10 of the KVKK, Company would like to inform you of the following:
- The purpose of processing personal data,
- To whom and for what purpose the processed personal data can be transferred,
- The method and legal reason for collecting personal data and,
- Rights of the data subject.
Legal Reasons for Processing Personal Data
The Company processes personal data within the scope of the legal reasons specified in Article 5 of the KVKK, which are:
- Your Explicit Consent (Article 5/1),
- Processing of personal data belonging to the parties of a contract is necessary, provided that it is directly related to the conclusion or fulfillment of that contract (art. 5/2-c),
- It is mandatory for the Company to be able to perform its legal obligations (art. 5/2-ç),
- It is mandatory for the Company’s legitimate interests, provided that this processing shall not violate the fundamental rights and freedoms of the data subject (art. 5/2-f).
Transferring Personal Data
The Company may transfer the personal data for the legal reasons and purposes stipulated in this Text to third parties specified below:
- Legally authorized public institutions, limited to the purpose of the request, provided that they have the legal authority,
- Legally authorized private persons, limited to the purpose requested by the relevant private law persons within their legal authority,
- Servers located abroad of the CRM software program (Salesforce), used within the framework of carrying out the commercial and operational activities of the Company, in accordance with the conditions specified in Article 9 of the law.
Purpose of Collecting Personal Data
Under the legal reasons stated above, your personal data are collected to provide and develop the products and services we offer and carry out our activities. Your personal data are collected via the newsletter subscription on the website, pages opened for communication purposes, or e-mails sent to an e-mail address with an “info” extension.
Following the delivery of its services, personal data are processed by Company for the following purposes:
- Managing the subscription to the newsletter, wishes, requests, and complaints of our Clients and Website Visitors,
- In line with ensuring the execution of the Company’s human resources policies, conducting HR operations in accordance with the Company’s HR policies, providing personnel suitable for vacant positions in accordance with the Company’s HR policies, fulfilling obligations within the framework of occupational health and safety, and taking necessary measures,
- In line with the fulfillment of legal and commercial obligations of the Company and individuals who have a business relationship with the Company; communication-oriented administrative operations, operations for the service and ensuring its supervision, business partner/customer/supplier/business partner (authorized or employees or partners) evaluation processes, legal and commercial risk analyses, legal compliance process,
- In line to carry out the necessary studies to recommend the products and services offered by the Company to our clients and website visitors by customizing them according to the tastes, usage habits, and needs of our customers; delivery of newsworthy content by the Company,
- In-house system and application management operations, management of legal operations.
The personal data processed by the Company within the scope of this Text and the data subject whose data are processed are categorically classified and stated below.
|Data Subject Category||Personal Data Processed|
|Prospective Client||Name, Surname, E-mail, Phone number, Message.|
Storage and Erasure of Personal Data
The Company is committed to storing personal data for the time specified in the legislation. In case the storage period is not determined by legislation, the Company retains the personal data for the period that is required in accordance with its practices and commercial life practices, and after the said period, only for the period that is required in practice to provide evidence in possible legal disputes. After the specified periods expire, the personal data shall be erased, destroyed, or anonymized.
Rights of Personal Data Subjects
The 20th article of the Constitution states that everyone has the right to be informed about personal data about themselves. The 11th article of the KVKK also states the right to “request information” among the rights of the personal data subject. In this regard, the Company provides the necessary information if the data subject requests the information. It informs the data subject as to how these rights can be exercised to request information and how the said issues will be evaluated.
The data subject has the following rights:
- To learn whether their personal data are processed or not,
- To request information if their data are processed,
- To learn the purpose of their data processing and whether this data is used for intended purposes,
- To know the third parties to whom their personal data are transferred at home or abroad,
- To request the rectification of the incomplete or inaccurate data, if any, and to request notification of the operation made within this scope to third parties to whom their personal data has been transferred,
- To request the erasure or destruction of their personal data, even though data have been processed in accordance with KVKK and legislation when the legal reasons for processing disappear, and to request notification of the operation made within this scope to third parties to whom their personal data has been transferred,
- To object to the processing, exclusively by automatic means, of their personal data, which leads to an unfavorable consequence for the data subject,
- To request compensation for the damage arising from the unlawful processing of their personal data.
The data subject whose personal data are processed will be able to submit their requests regarding the above-mentioned rights to us by completing the form at this link, in accordance with the Communiqué on Application Procedures and Principles to the Data Controller.
The Company may request information to determine whether the applicant is a data subject and may ask questions regarding the application to clarify the issues mentioned.
As per Article 14 of the KVKK, in case the application is rejected, the response is found to be insufficient, or the application is not answered in time; the data subject can make a complaint to the Board within thirty days from the date of learning the answer, and in any case within sixty days from the date of application.
Security of Personal Data
Per Article 12 of the KVKK, the Company takes the necessary precautions to prevent the unlawful processing of the personal data it processes, prevent unlawful access to the data, ensure the appropriate security level, and perform the necessary controls in this context. The precautions taken by the Company in this regard are given below:
- Employment of knowledgeable personnel in setting up and operating systems in accordance with the principles regarding the processing of personal data and the relevant legislation,
- Using backup programs that comply with the legislation that ensures the safe storage of personal data,
- In case a service covering personal data processing operations provided as an external source, taking the necessary security measures to protect personal data in contracts with outsourcing firms, and stipulating therein the provisions that ensure the firms will comply with the measures in their organizations,
- The Company does not process the data processed within the scope of payment service, and the relevant supplier from which the service is received ensures to comply with the necessary obligations,
- Consideration of the personal data processing processes involved in all activities carried out by the Company within the scope of the data processing conditions regulated by KVKK, taking the necessary technical and organizational measures to carry out the said processes per the KVKK provisions,
- Identifying and implementing rules of practice for managing personal data processing processes and compliance structure, including precautions and controls,
- Maintenance and supervision of personal data processing processes and systems related to these processes by management systems with technical and organizational characteristics.
Data Breaches Management
The Company ensures, under Article 12 of the KVKK, that the Board and the data subject will be notified when a third party unlawfully obtains processed personal data.