Clarification Text Regarding Protection of Personal Data

Tolunay Akay Attorney & Consultancy (hereinafter referred to as “Tolunay Akay”, “Our Office”, “We”, “Us”) On our website (tolunayakay.av.tr), we process the personal data of our website visitors by prioritizing security and confidentiality. Therefore, we act in accordance with the Law No. 6698 on the Protection of Personal Data (hereinafter referred to as the “Law”). This clarification text is presented for the purpose of informing you within the scope of Article 10 of Law No. 6698.

 

Data Controller and Identity

Article 1: Your personal data is collected and processed by Tolunay Akay Attorneyship & Consultancy (“Tolunay Akay”) as the data controller for the purposes set out below in accordance with Law No. 6698.

Pursuant to Article 3 of Law No. 6698, the data controller is the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system, and you can contact the data controller through the following communication channels.

Data Controller        : Tolunay Akay Avukatlık & Danışmanlık

TBB Reg. No              : 179747

Adress                          : Gayrettepe Mah, Yıldız Posta Cad, Ayyıldız Apt. A Blok, No: 30, D: 26, K: 9, Beşiktaş, İstanbul, Türkiye

E-Mail                          :  iletisim@tolunayakay.av.tr

Phone.                         : +90 (212) 924 86 11

Web                              : tolunayakay.av.tr

 

General Principles of Personal Data Processing

Article 2: Your personal data will be processed in accordance with the general principles set out in Article 4 of the Law. The principles we consider in the processing of personal data are stated below.

  • Compliance with the law and good faith.
  • Being accurate and up-to-date when necessary.
  • Processing for specific, clear and current purposes.
  • Being relevant, limited and proportionate to the purpose for which they are processed.
  • Being retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

As the Office, the above-mentioned principles constitute the basis of our personal data processing principles, and the legal grounds and reasons on which the data processing activity is based are stated in detail in the articles below.

Personal Data Processed and Purpose of Processing Personal Data

Article 3: After our potential service recipient clients reach us through our website, the categories of personal data processed by us are specified below and each data category is processed for the purposes specified opposite each data category. Our website does not collect personal data in any different categories other than the categories specified here.

  • Identity : In order to manage communication activities, to address the person who reaches us correctly, the name and surname of the visitors are recorded for limited purposes.
  • Communication : In order to manage communication activities, to manage consultancy service processes, to follow and manage legal affairs, to manage activities in accordance with the legislation, the telephone number and e-mail addresses reported by the visitors are recorded for limited purposes.
  • Transaction Security : In order to ensure transaction security, your IP Address and web page access logs are automatically recorded.

To Whom and for What Purpose Personal Data Can Be Transferred

Article 4: Among the personal data specified in this clarification text, the data that may be transferred as a result of the request of judicial authorities in order to fulfill legal obligations are specified below.

  • Identity : Authorized public institutions and organizations.
  • Contact : Authorized public institutions and organizations.
  • Transaction Security : Authorized public institutions and organizations.

Your personal data is not shared with any other organization except for the request of the authorized public institutions and organizations against the judicial authorities. These data are protected by attorney & client confidentiality within the scope of Law No. 1136 and are never shared except for the situations and circumstances specified in the Law.

Transfer Abroad and Data Processor

Article 5: Your personal data is not transferred abroad. Our website is hosted by “Veridyen Bilişim Teknolojileri San. ve Tic. Ltd. Şti.” (Data Processor) whose servers are located in Turkey. If you contact us by filling out the contact form and sending an e-mail, your messages will be hosted on servers located in Turkey.

Methods and Legal Grounds for Collecting Personal Data

Article 6: The identity and contact information of the visitors specified in the second article is obtained as a result of the visitor manually filling in the form that will be opened by clicking on the “contact” tab on the website after the visitor visits the website or sending an e-mail to us.

This information is obtained by obtaining the “explicit consent” of the visitor when filling out the relevant form. Unless explicit consent is given to us, no personal data of the person concerned is recorded and processed.

IP address and web page logs, which are another information obtained, are automatically processed by the server based on the legal reason “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” in accordance with Article 5/2-f of Law No. 6698.

Retention Period of Personal Data

Article 7: The retention periods of the personal data included in this disclosure text according to the data categories are listed below, and after the expiration of the specified periods, the relevant data are periodically destroyed without the need for any request by the data subject.

  • Contact : 10 years from the end of the business relationship.
  • Identity : 10 years from the end of the business relationship.
  • Transaction Security : 10 years from the end of the business relationship.

If the data subject no longer wishes his/her personal data to be processed or withdraws his/her explicit consent, the personal data in question will be destroyed immediately without waiting for the expiration of the above-mentioned periods.

If you wish to withdraw your previously given explicit consent, please contact us using the “Data Subject Application Form“.

Rights of the Relevant Person

Article 8: The natural person whose personal data is processed is defined as the data subject. The rights of the data subject within the scope of Article 11 of Law No. 6698 are stated below.

  1. To learn whether personal data is processed or not.
  2. To request information if personal data has been processed.
  3. To learn the purpose of processing personal data and whether they are used in accordance with their purpose.
  4. To know the third parties to whom personal data is transferred domestically or abroad.
  5. To request correction of personal data in case of incomplete or incorrect processing.
  6. To request the deletion or destruction of personal data.
  7. To request notification of the transactions made pursuant to subparagraphs (e) and (f) to third parties to whom personal data are transferred.
  8. To object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems.
  9. In case of damage due to unlawful processing of personal data, to request compensation for the damage.

You can submit your requests regarding your rights above to the data controller whose contact information is given in Article 1 of this Clarification Text in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller”.

In order to realize your application in accordance with the Communiqué and the Law, we recommend that you fill out the “Data Owner Application Form” available at this link and contact us with a written application. You can send the relevant form to us by mail or e-mail.

This page was last updated on 16/08/2023