Data Protection

PERSONAL DATA PROTECTION PRIVACY NOTICE


We, as Taboğlu Attorneys at Law ("Taboğlu"), pay attention to the security of your personal data to the full extent. Consequently, we attach great importance to the processing of all kinds of personal data belonging to all persons associated with our office, including those who benefit from our legal consultancy services, in accordance with the Law on Protection of Personal Data numbered 6698 (the "LPPD") and other related legislation. Aware of this responsibility, we, as the Data Controller, process your personal data in the manner below that ensures a level of security appropriate to the risk and within the limits stated by the legislation.

With this Personal Data Protection Privacy Notice, we, as the Data Controller, aim to provide information on our activities regarding the processing and protection of personal data in accordance with the LPPD and related legislation.

I.    PURPOSES OF PROCESSING PERSONAL DATA

As Taboğlu, we process your personal data in conformity with the law and in good faith, in an accurate and up to date manner, for specified, explicit and legitimate purposes and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed in accordance with Article 4 of the LPPD. In addition, we store your personal data for the duration set forth by the LPPD and the related legislation and for no longer than is necessary for the purposes for which the personal data are processed.

Your personal data will be processed pursuant to the purposes stated below and within the scope of the data processing conditions set forth in Articles 5 and 6 of the LPPD:

A.     WITH RESPECT TO VISITORS, CURRENT AND POTENTIAL CLIENTS AND BUSINESS PARTNERS

1.     Law Practice/Provision of Legal Consultancy Services: We process your data in order to carry out all kinds of attorney and legal consultancy
            activities and to provide additional/complementary services regarding those activities (such as translation, notary public, etc.).

2.     Administration, Management and Development of Activities and Services: Within this scope, we process your personal data for the below
            purposes;

             (i)     conducting the financial and accounting affairs of our office;

             (ii)    providing information to authorized persons, establishments and/or authorities for regulatory reasons;

             (iii)    using and updating information technology systems (including ensuring the provision of information technology (IT) services, storage,
                       preservation, maintenance, support, use of a central server system); and

             (iv)    ensuring that the data are accurate and up to date.

3.     Providing Information on Legislation and Sector Updates: Unless otherwise stated by the data subject, we process the contact information
           provided by the data subject in order to send electronic messages about recent legislation developments and the sector (e.g. weekly news
           bulletin, newsletters and monthly updates).

4.      Compliance with the Attorneys' Law and Other Professional Regulations: As a law firm, Taboğlu is subject to various professional obligations.
             In this context, certain records, which also contain various personal data, must be kept in order to conduct our services in conformity with such
             obligations.

5.      Taking Security Measures: Taboğlu takes several measures to ensure the security of the information (including personal data) belonging to itself
            and others. Within this scope, your personal data are processed as part of such security measures in the manners listed below;

             (i)     conducting automatic scans and other similar processes for detecting corrupted e-mails;

             (ii)    making video recordings via security cameras installed in and around the office to ensure building security; and

             (iii)   monitoring the actions and network traffic on the wireless internet network (limited to the source and target addresses), which can be
                      accessed with a password by everyone visiting our office, in order to detect unauthorized access and illegal transactions, and to take
                      necessary precautions accordingly.

B.      WITH RESPECT TO CANDIDATES (EMPLOYEES AND INTERNS)

Taboğlu processes your personal data within the frame of the below purposes in order to manage the processes regarding the evaluation of candidates and the recruitment;

             (i)     confirming your identity, when necessary;

             (ii)    assessing compliance and competence with respect to the relevant positions; and

             (iii)   sending e-mail notifications and other notices to the candidate in order to request additional information, inform him/her about the
                      application process or make a job offer.

If personal data (e.g. name, e-mail, telephone number) belonging to a third party shown as a reference by the candidate is obtained through the candidate's resume, Taboğlu may process such personal data to get in contact with such third party for obtaining information about the candidate.

Personal data concerning health may be processed by Taboğlu in order to fulfill legal obligations arising from the related legislation (e.g. the medical check-up which must be done before recruitment) by means of obtaining your explicit consent.

II.    TRANSFER OF PERSONAL DATA

Your personal data will not be used for purposes other than those mentioned above and save for legal obligations and requests of authorized institutions/authorities, will not be transmitted or transferred to third parties without your explicit consent.

If necessary for the fulfillment of the above-mentioned processing purposes, personal data processed by Taboğlu can be transferred to lawfully competent private persons or institutions within or outside the country without obtaining the explicit consent of the data subject in accordance with the personal data processing conditions stated in Articles 5, 6, 8 and 9 of the LPPD.

III.   PERSONAL DATA COLLECTION METHOD AND LEGAL REASONS

Other than the personal data collected for security measures which are collected by automated means, your personal data are collected by Taboğlu other than by automated means (verbal communication, e-mail, phone, in writing, etc.). The personal data collected through the above-mentioned ways may be processed without obtaining your explicit consent in line with the fundamentals of the LPPD and in accordance with Articles 5 and 6 of the LPPD based on one of the below conditions:

(i)     if it is expressly permitted by a law;

(ii)     if it is necessary in order to protect the life or physical integrity of the data subject or another person in cases where that person cannot express
        consent or whose consent is legally invalid due to physical disabilities;

(iii)    if it is required for and directly related to the execution or performance of a contract;

(iv)    if it is necessary in order for a data controller to fulfill its legal obligations;

(v)     if the relevant information is made public by the data subject herself/himself;

(vi)    if it is necessary for the establishment, exercise, or protection of a certain right;

(vii)   if it is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are
          not violated; and

(viii)  if the processing of special categories of personal data without the need for the explicit consent of data subject is permitted by a law.

Your special category personal data, other than those concerning health and sexual life, may be processed without obtaining your explicit consent by taking adequate measures in accordance with Article 6/3 of the LPPD.

IV.    RIGHTS TO REQUEST ACCESS AND RECTIFICATION OF PERSONAL DATA

In accordance with Article 11 of the LPPD, data subjects have right to;

(i)     learn whether or not her/his personal data have been processed and if so, request information as to the processing;

(ii)    learn the purpose of the personal data processing and whether or not his/her data are used in accordance with such purpose;

(iii)   learn the third parties in the country or abroad to whom personal data have been transferred;

(iv)   request rectification if his/her personal data are processed incompletely or inaccurately and request that all third parties to whom personal data
         have been transferred be notified of such operation;

(v)    request erasure or destruction of his/her personal data if the processing purposes have ceased to exist and request that all third parties to whom
         personal data have been transferred be notified of such operation;

(vi)   object to the occurrence of any result to her/his detriment obtained through the analysis of personal data exclusively through automated systems;
         and

(vii)   request compensation for damages in case he/she incurs damages due to the unlawful processing of his/her personal data.

You may send your request regarding the use of your above-mentioned rights by completing the Application Form that can be reached here* and delivering its original signed copy by hand or sending it with return receipt requested mail to Levent Caddesi, No: 9, 34330, Beşiktaş/İstanbul/Turkey or sending an e-mail to info@taboglu.av.tr with the subject “Request for Information regarding Personal Data” via a secure electronic signature, mobile signature or by using an e-mail address that you have previously informed us about/appears in our records.

All requests submitted by personal data subjects in one of the above-mentioned manners shall be resolved by Taboğlu free of charge and as soon as possible considering the nature of the request and within 30 (thirty) days at the latest. However, in case such operation requires a separate cost, the fee determined in the tariff of the Personal Data Protection Board may be collected.


* Only available in Turkish as applications within the scope of the LPPD have to be made in Turkish in accordance with the Communiqué on the Procedures and Principles regarding the Application to the Data Controller published in the Official Gazette dated 10 March 2018 and numbered 30356.