Gurulkan & Çakır is a data controller for the purpose of the Data Protection Law No. 6698 (“data protection law”), in respect of your personal information. As a data controller we are responsible for ensuring that when we process personal information we comply with data protection law and use such information in accordance with our client’s instructions and our professional duty of confidentiality.
1. What personal information do we collect and use?
The type of personal information we collect and process depends on our relationship with you and the context in which we obtain and use it.
Clients: where we are advising and/or acting for you
We will require certain personal information to be able to provide our services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing services to you.
Types of information we may collect:
• Your name
• Your contact information (e.g., address, phone number, mobile phone number, email address)
• Matter information (i.e., information relating to the matter in which you are seeking our advice or representation)
• Financial information so far as is relevant to your instructions (e.g., the source of funds if you are instructing us on a purchase transaction or your bank details if we will transfer money to you)
• If you are a business client, information provided by you about other individuals in connection with advice we are providing to the business (e.g., employee information)
Business development and website use: if we have or would like to have a business relationship with you, or if you visit our website
This personal information will be used to develop our business and the services we provide.
Types of information we may collect:
• Your name
• Your contact information (e.g., email address)
• Information about your occupation and professional information (e.g., job title, company, professional experience)
2. How personal information is collected and your responsibilities
We will collect personal information from you in person when we meet you or through correspondence with you in relation to your matter.
We may receive personal information from third parties to use in the course of providing our legal and professional services. The processing of this personal information may be necessary for the progression of your matter and to enable us to act in your best interests as your legal and professional adviser.
The sources we may also collect personal information from include:
• Publicly accessible sources
• Direct from a third party (e.g., from a client, such as information about their employees, other parties involved in the legal proceedings, such as the lawyer acting on the other side)
• A third party with your consent (e.g., your bank, another financial institution or advisor; consultants and other professionals we may engage in relation to your matter; your employer)
• Other technical systems, (e.g., communications systems, email, and instant messaging systems)
When we provide our services to you, we may hold and use personal information about you, your officers and/or your employees or other third parties. When you provide personal information to us relating to a third party you confirm that you have any necessary permission or authority to do so. You are also responsible for ensuring that the provision of that personal information complies with data protection and other applicable law. You must have the authority to disclose personal data if it relates to someone else and all data disclosed should be complete, accurate and up to date.
3. How and why we use your personal information
Under data protection law, we can only use your personal information if we have a proper reason for doing so, for example:
• To comply with our legal and regulatory obligations
• For our legitimate interests
• For the performance of our contract with you or to take steps at your request before entering into a contract
• With your explicit consent.
A legitimate interest is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your own rights and interests. We make sure we consider and balance any potential impact on you and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you, unless we have your explicit consent or are otherwise required or permitted to by law.
Generally, we will collect personal information to:
• Provide legal and professional services to you, to manage our relationship and comply with our legal obligations arising from it
• Provide you with information about our business and the services we offer including relevant communications
• Help us improve our business and the services we offer.
The information above does not apply to any special category personal information which you may have provided to us or authorized us to obtain from a third party, and which we will usually only process with your explicit consent. However, in some circumstances in connection with a matter we may receive special category personal information from third parties and we can lawfully process it without your consent where it is necessary to establish, exercise or defend a legal claim or claims or whenever courts are acting in their judicial capacity.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal information without your knowledge or explicit consent, in compliance with the above rules, where this is required or permitted by law.
4. Who we share your personal information with
We share personal information with:
• Professional advisers whom we instruct on your behalf or refer you to (e.g., accountants, tax advisors or other experts)
• Other third parties where necessary (e.g., expert witnesses, courts or tribunals)
• Our financial institutions
We will share your personal information with third parties (such as the police and other law enforcement agencies) where we are under a duty to do so in order to comply with any legal, professional or ethical obligation (such as to comply with our anti-money laundering obligations), or in order to enforce or protect any of our rights, property or safety (or those of our partners, employees or clients).
5. How long your personal information will be kept
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and obligations.
When it is no longer necessary to retain your personal information, we will delete or anonymize it. In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of it, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
6. How we protect your personal information
Keeping information secure is a key part of data protection compliance. We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you of a breach where we are legally required to do so.
7. Your rights with respect to your personal information
You have the right to receive a copy of your personal information that we hold about you, subject to certain exemptions.
You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete.
You have the right to ask us that your personal information be deleted in certain circumstances. For example (i) where your personal information is no longer necessary in relation to the purposes for which they were collected or otherwise used; (ii) if you withdraw your consent and there is no other legal ground which we rely on for the continued use of your personal information; (iii) if you object to the use of your personal information; (iv) if we have used your personal information unlawfully; or (v) if your personal information needs to be erased to comply with a legal obligation.
You have the right to object to the use of your personal information in certain circumstances. For example (i) where you have grounds relating to your particular situation and we use your personal information for our legitimate interests.
You have the right to withdraw your consent at any time where we rely on consent to use your personal information.
You have the right to lodge a complaint with the Turkish Data Protection Authority, if you think we have not used your personal information in accordance with data protection law.
8. Contact Information