This Privacy Policy provides information regarding the framework in which Att. Serhat Aydın who is a registered lawyer of the Istanbul Bar Association with the registry number 44053, Att. Ömer Faruk Çıkın who is a registered lawyer of the Istanbul Bar Association with the registry number 41040, Att. Ziya Can Gürvit who is a registered lawyer of the Istanbul Bar Association with the registry number 41093 (“Aydın Çıkın Gürvit Attorneys at Law”) process your personal data as the data controller in accordance with the Law on the Protection of Personal Data No. 6698 ("Law") and the applicable law.
1. Personal Data
It is any information related to a real or identifiable natural person.
2. Data Controller and its Representative
Aydin Çıkın Gürvit Attorneys at Law attaches great importance to the security of personal data relating to its clients, client candidates and / or that can be obtained due to the use of the website, and to store all kinds of personal data in accordance with the provisions of the Law and related legislation. In this context, your personal data is processed through the following methods.
3. Purpose of Personal Data Processing and Legal Causes
All the personal data that you have provided us within your CV; your name, surname, e-mail address and phone number that you have shared through the contact section; all the personal data that you have shared in the remarks section; and the registries as to the web site traffic are being processed. Our obligation to process your personal data arises from the Attorneys’ Act No. 1136, the Law on the Protection of Personal Data No. 6698, the Law No. 5651, the Criminal Code No. 5237 and the secondary provisions. Your personal data are being processed in order to fulfill our obligations within the consultancy or commercial relationship formed as per the said provisions and provide the best service.
4. Method of Collecting Personal Data and Legal Reason
Your personal data are collected either verbally, in writing, or electronically by Aydın Çıkın Gürvit Attorneys at Law in order to carry out our professional activities, through various fully or partially automated methods, as a part of the data registry system. Your personal data may be processed for the purposes specified in this Privacy Policy and Information Notice, in accordance with the general principles, data processing conditions and exceptions stipulated by the Law, and can be transferred to our business partners in accordance with the attorneys’ confidentiality obligation.
5. Transferred Locations of Processed Personal Data and Transfer Purpose
Your personal data can be transferred, within the scope of our legal services, in accordance with the Law, to judicial, administrative or similar institutions and / or persons or authorities authorized by them, to National Judiciary Informatics System, to third parties and institutions as required by legal services (e.g. banks, tax offices, etc.), and to our business partners within our right of subdelegation. The purpose of transferring data is parallel with the purpose of processing personal data.
6. Storage and Security of Personal Data
Your personal data is stored for as long as the data is intended to be processed, and in any case for 3 (three) years from the date of legal termination of the attorney relationship. The necessary technical and physical security measures are taken by us to ensure that the stored, recorded data is not lost, and unauthorized access and illegal use are duly prevented.
7.Data Processing and Application to Data Controller
Under Article 11 of the Law, by applying to Aydın Çıkın Gürvit Attorneys at Law, you will have the right to learn whether your personal data; is processed or not, request information if it has been processed, learn the purpose of processing and whether the data is used in accordance with its purpose, learn the third parties data is transferred to within the country or abroad, request correction if the data have been processed incompletely / inaccurately, request deletion or destruction of your personal data in accordance with Article 7 of the Law, request notification of correction, deletion or destruction procedures to third parties to whom personal data have been transferred, object to occurrence of any detrimental results by means of analysis of personal data exclusively through automated systems, and request compensation for the damages due to unlawful processing of personal data.
You can refer your information and application requests via email to admin@acgaal.com or via postal service.
If a person other than the personal data owner is going to make a request, there must be a power of attorney issued by the personal data owner. Our Law Office may request additional information from the relevant person in order to determine whether the applicant is personal data owner, and may ask questions regarding the applicant’s application to the personal data owner / representative to clarify the issues specified in the application.
We will conclude your requests free of charge as soon as possible depending on the nature of the request, and in any case within thirty days at the latest. However, in the event that the finalization of these requests requires a cost, the applicant may be charged a fee in the tariff determined by the Personal Data Protection Board (“Board”). We may accept and process the request or reject the request in written form by explaining its reason.
8. Your Rights Regarding the Data Processing Procedures
If the application is rejected following the above mentioned procedure, the written rejection deemed to be insufficient or request not replied in due time, within thirty days from the notification date of the reply and in any case in sixty days from the date of the application you have the right to file a complaint before the Board. However, complaint process cannot be initiated without exhausting the application remedy.
In the event of a complaint or alleged violation, the Board shall conduct the necessary inspection within the scope of its responsibility. Upon complaint, the Board reviews the request and gives its reply to those concerned. If the reply is not given within sixty days from the date of the complaint, the request is deemed to be rejected. In the event of a complaint or a direct inspection, in case the Board determines that a violation exists, it shall notify the interested parties as to the decision that the data controller shall eliminate the violation. This decision shall be executed within thirty days at the latest from the notification without delay. In case of hard to recover or unrecoverable damages arises and/or the violation is deemed to be explicitly contradicting the Law, the Board may decide to terminate the processing of data or data transfer to abroad.