General Data Protection Regulation

Home Page General Data Protection Regulation

General Data Protection Regulation

As Kulaklı Legal (“Kulaklı Legal” or “Company”), we attach importance to ensuring the security of your personal data. Your personal data is processed, maintained and protected by Kulaklı Legal in accordance with the basic principles and personal data processing conditions in the Personal Data Protection Law No. 6698 (“GDPR”). For this purpose, we would like to inform you about the processing of your personal data, as a company that takes every precaution and shows utmost sensitivity for the protection of data.

1. Our Personal Data Processing Principles

Your personal data is processed by us in the light of the following principles:

a) Compliance with the law and the rules of honesty,

b) Being accurate and up-to-date when necessary,

c) Processing for specific, explicit and legitimate purposes,

ç) Being connected, limited and restrained with the purpose for which they are processed,

d) To be kept for the period required by the relevant legislation or for the purpose for which they are processed.

2. Clarification Obligation

Article 10 of the GDPR requires the data controllers to fulfill the obligation of disclosure while obtaining the consent of the persons whose data is processed. Kulaklı Legal “relevant persons” who have the title of “data controller” within the scope of the relevant article:

a) the identity of the data controller and its representative, if any,

b) the purposes for which personal data are processed,

c) To whom and for what purpose the processed personal data can be transferred,

d) Methods and legal reasons for collecting personal data,

e) informs the data subject about the rights that the data subject may direct to the data controller pursuant to Article 11 of the GDPR.

The aforementioned disclosure is made with this Clarification Text and our explanations are given below.

3. Identity of Data Controller

Pursuant to Article 3/1 (i) of the GDPR, data controller is defined as 'real or legal persons who determine the purposes and means of processing personal data and are responsible for the establishment and management of the data recording system'. In this context, the Company acts as a data controller and the information about the Company is shared below in order to be able to contact Kulaklı Legal regarding your personal data:

Kulaklı Legal

Address : Exen İstanbul Tower No.99 Ümraniye - 34764 İstanbul, TR

Email : info@kulaklı

Phone : +90 216 210 12 88 (Pbx.)

4. Processing and Purposes of Personal Data

Your personal data is only processed with your explicit consent or in the presence of one of the following conditions of compliance with the law. These;

• Clearly stipulated in the law,

• It is necessary for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally recognized,

• Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,

• It is mandatory for the data controller to fulfill its legal obligation,

• The person concerned has been made public by himself,

• Data processing is mandatory for the establishment, exercise or protection of a right,

• In cases where data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

In this direction, the performance of the employment contracts concluded with the Company employees, the obligation of data processing for the legitimate interests of the Company in terms of employees, employee candidates and interns, and the Labor Law No. 4857, Turkish Code of Obligations No. 6098, Social Insurance and Health Insurance Law No. 5510 and other Personal data is processed in order to fulfill the obligations arising from the legislation.

In addition, suppliers, dealers, contractors, intermediaries, who are related to the Company's business and activities, in order to fulfill the obligations arising from the Turkish Commercial Code No. 6102, the Turkish Code of Obligations No. 6098 and other legislation and the execution of the contracts concluded for the fulfillment of the Company's operational activities, Some personal data belonging to all natural and legal persons (“Business Partners”) and business partners' employees with whom Kulaklı Legal does joint business or receives services, including joint venture shareholders, brokers, representatives, distributors and other service providers. can be processed. In order to avoid any doubt, data processing activities carried out by Kulaklı Legal include issuing invoices and self-employment receipts for the purchase of materials and/or services from within the country or abroad, concluding consultancy contracts with third parties, and keeping records of the cases in which the Company is a party. Personal data is also processed during.

In order to process data within the above-mentioned purposes, the company obtains the explicit consent of the data owners, and in cases where express consent is not required by law, data processing is carried out in accordance with the data processing conditions.

Within the scope of Article 6 of the GDPR, personal data of special nature, which may subject the relevant persons to discrimination and therefore require more sensitive protection, are counted. In accordance with the relevant provision, these data; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other belief, attire, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Among these listed data, data on health and sexual life can only be processed with explicit consent; Personal data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws.

Data on health and sexual life can only be processed without the explicit consent of the person concerned, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, or by authorized institutions and organizations under the obligation of secrecy.

The company only provides health data such as the delegation report of its employees and employee candidates, a report that can work in heavy and dangerous jobs, prosecutor's office certificate and criminal record records, since it is clearly stipulated in the laws at the stage of employment, and no special personal data is processed.

5. To Whom and For What Purpose the Processed Personal Data Can Be Transferred

Your personal data may be shared with business partners, public legal entities and judicial authorities within the scope of the purposes listed above and when necessary for the Company to fulfill its legal obligations.

In addition, some personal data obtained from our employees and business partners within the Company are transferred abroad in order to provide server services within the Company and to perform the concluded contracts.

In the sharing of your personal data, the regulations in Articles 8 and 9 of the GDPR are complied with and all kinds of technical and administrative measures are taken to ensure data security during and after the sharing process.

Pursuant to Article 8 of the GDPR, the personal data is subject to the explicit consent of the person or to the “2. In case of one of the situations specified under the heading "Processing Purposes", it can be transferred without seeking explicit consent.

Pursuant to Article 9 of the GDPR, in addition to the above, in order to transfer personal data abroad, there must be sufficient protection in the foreign country to which the personal data will be transferred. Countries with adequate protection are determined by the Personal Data Protection Board (“Board”).

6. Rights of the Relevant Person

As the relevant person, by applying to us, about yourself;

• Learning whether personal data is processed or not,

• If personal data has been processed, requesting information about it,

• Learning the purpose of processing personal data and whether they are used in accordance with the purpose,

• Knowing the third parties to whom personal data is transferred at home or abroad,

• Requesting correction of personal data in case of incomplete or incorrect processing,

• Requesting the deletion or destruction of personal data in the event that the reasons requiring the processing of personal data disappear within the framework of Article 7 of the GDPR,

• Requesting notification to third parties to whom personal data has been transferred, that personal data has been corrected if incomplete or incorrectly processed, or that personal data has been deleted or destroyed within the scope of Article 7 of the GDPR,

• Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,

• Requesting the compensation of the damage in case of loss due to unlawful processing of personal data

We let you know that you have the rights.

It is possible for you to submit your other requests regarding your rights and the implementation of the GDPR in writing or by other methods to be determined by the Board.

The Company will conclude your requests within this scope free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff to be determined by the Board may be charged.

7. How Do We Protect?

All necessary technical and administrative measures are taken by our Company in order to protect the personal data collected and processed by the Company, to prevent it from falling into the hands of unauthorized persons and to prevent the real and legal persons with whom it cooperates.

A high level of importance is attached to ensuring that the software used in the company's activities comply with the standards, the careful selection of third parties, the authorization of the employees in a certain way, the training of the employees in this direction, and the enforcement of internal policies in order to protect personal data.

8. Right to Apply and Obtain Information

Regarding personal data, within the scope of Article 11 of the GDPR, in case any of the above-mentioned rights are requested to be exercised, the Company can be applied. This application must be made to the Company in writing or by other methods determined by the Board. We have prepared an application form for you in the link below so that you can make your applications easier.

Please fill in the application form;

By personally coming to the above-mentioned address of the Company (applicant comes in person and fills in the application form with his/her identity card),

By sending it to the company address via notary public or registered mail,

Send it to the above-mentioned registered e-mail address of the Company using secure electronic signature, mobile signature or the e-mail address previously notified to us by the relevant person and registered in the Company's system.

Pursuant to Article 13/2 of the GDPR, you will receive a response within 30 (thirty) days from the date on which the applications are received by the Company. Our answer will be delivered to you in writing or electronically. We would like to mention that; If the answer to be given in accordance with the GDPR exceeds ten pages, a transaction fee of 1 (one) Turkish Lira may be charged for each page exceeding ten pages.