Content

• 1. Purpose and Scope
• 2. Definitions
• 3. Policy
• 4. Principles To be Followed While Processing Data
• 5. Personal Data Collected
• 6. The Purposes of Processing Personal Data
• 7. Methods of Processing Personal Data and Its Legal Basis
• 8. Retention and Destruction of Personal Data
• 9. Transfer of Personal Data
• a. Local Transfers
• b. Transfers to Abroad
• c. Parties Conducting the Transfers
• 10. Measures Regarding the Provision of Data Security
• 11. Data Protection Officer (DPO)
• 12. Data Inventory
• 13. Rights of The Data Subject
• 14. Exercises of Rights of Data Subject

1. Purpose and Scope

This website you visited is affiliated with İstanbul Uluslararası Denetim ve SMMM Ltd. Şti. (“Company”)

The main objective of this Personal Data Protection Policy (the "Policy") is to provide explanations regarding the personal data processing activities carried out by the Company pursuant to the law and the systems adopted for the protection of personal data and, in this context, to provide transparency by informing the people whose personal data is being processed by our Company.

This Policy applies to all activities managed by the Company regarding the processing and protection of personal data by the Company along with the relevant detailed data procedures.

Back to Top

2. Definitions

KVKK: Personal Data Protection Law numbered 6698.

GDPR: EU General Data Protection Regulation.

Data Processor: The natural person or legal entity that process data on behalf of the data controller with the authority given by the data controller.

Data Controller: The one who defines the purpose and the means of processing personal data and responsible of the data recording system management.

Data Subject: A natural person, includes but not limited to an employee, customer, business partners, stakeholders, authorities, leads, candidate for recruitment, intern, visitors, suppliers, employee of business partners, third parties of the Company and its affiliates with whom they have a commercial relationship, whose data is processed.

Explicit Consent: Consent that is given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her.

Personal Data: Any information related to a natural person whose identity is known or could be identified.

Sensitive Personal Data: Biometric and genetic information related with race, ethnicity, political or philosophical opinions, religion, sect or other believes, appearance, union memberships, health, sexual life, convictions and security measures etc.

Processing of Personal Data: Any kind of operation performed on data such as obtaining, recording, storing, preservation, modification, reorganization, disclosure, transfer, takeover, making available, classification or preventing the use of personal data in fully or partially automated or non-automated ways, provided that it is part of any data recording system.

Anonymization of Personal Data: To render data in such a way that it can no longer be associated with an identified or identifiable person even when the personal data is matched with other data.

Deletion of Personal Data: To delete or to render personal data in such a way that it is no longer accessible or reusable for the users

Deletion of Personal Data: To render personal data to make it inaccessible, unrecoverable and not useable by anyone

Company: İstanbul Uluslararası Denetim ve SMMM Ltd. Şti.

KVK Board: Turkish Personal Data Protection Board.

KVK Authority: Turkish Personal Data Protection Authority

Back to Top

3. Policy

The Company has different policies that cover protection of personal data along with the information security in regard to certain work activities and functions. Unless this Policy has additional provisions or higher standards for the protection of personal data, the other different data protection provisions of the company shall prevail.

The relevant regulation provisions shall first apply in processing and protecting personal data; and if there happens any contradiction between the articles of this Policy and the legislation, then current legislation clauses shall prevail.

Herein this Policy is prepared in accordance with the rules and procedures stipulated in KVKK and the relevant legislation for the protection of personal data. In this context, as Data Controller is also liable to prevent illegal processing of personal data and access and protect the personal data from being accessed illegally in accordance with KVKK, he/she must take all necessary technical and administrative measures.

Back to Top

4. Principles To be Followed While Processing Data

Our Company acts in accordance with the following general principles in all of its Personal Data Processing activities:

• Personal data must be processed lawfully, fairly and transparently,
• Personal data can only be collected for specific, explicit and legitimate purposes,
• Personal data must be adequate, relevant and limited to what is necessary for processing,
• Personal data must be accurate and kept up to date with every effort to erase or rectify without delay,
• Personal data must be kept in a form such that the data subject can be identified only if is necessary for processing,
• Personal data must be processed in a manner that ensures the appropriate security.

Back to Top

5. Personal Data Collected

Your personal data collected by our company varies according to the quality of the relationship with our company and the legal obligations. Your personal data collected can be listed as follows:

• Identity Information (liable to amendments as per to requirements, ID number, name, surname, passport number, if the ID card shared, the information on the card, photo, etc.),
• Contact Information (E-mail address, phone number, mobile phone number, address etc.),
• Client Information (client number, client income information, client profession information, vehicle registration plate, training information etc.),
• Family Members and Proximity Information (identification, contact information and professional training information of the Data Subject’s children, spouses, in particular in relation to employee candidates, etc.),
• Customer Transaction Information (CDR (call detail record), call center records, credit card balances and extracts, payment receipts, client bank orders, and relevant information taken under record in regards; these are directly related to natural persons and the orders),
• Physical Security Information (enter-exit records, visit information, camera records etc.)
• Process Security Information (website password and password information, etc.)
• Risk Management Information (associated with Data Subject, address register system records, IP address tracking records etc.)
• Financial Information (in case of legal follow-up, credit card debt, loan amount, loan payments, debt balance, receivable balance in line with the information by the authorities etc.) and accounting information with related records.
• Employee Candidate Information (CV, interview notes, personality test results etc.)
• Legal Procedures and Compliance Information (data on the documents such as court and administrative authority decisions etc.)
• Audit and Inspection Information (information on any record and transaction relating to the legal pursuit and our rights associated with the Data Subject)
• Sensitive Personal Data (data on health, data on criminal convictions and security measures,)
• Claim/Complaint Management Information (information and records about the demands and complaints made to our Company regarding our services related to the person etc.)
• Reputation Management Information (information collected in order to protect the commercial reputation of our company etc.)
• Audiovisual Data (photos, camera records, auditory recordings etc.)
• The Personal Data types listed do not include all your processed data and personal data similar to the data listed by our company may be processed.

Back to Top

6. The Purposes of Processing Personal Data

Our company informs data subjects during obtaining personal data due to KVKK and relevant legislation. In this context, the Company makes a notification/information regarding the purpose of data processing, transfer of the data and to whom the data shall be transferred, the method of collecting personal data and the legal purpose of collecting personal data.

The purpose of processing personal data information varies according to the relationship between the company and personal data subject and legal nature of the business.

The purposes of processing personal data by the Company are as follows:

• Within the scope of the company based commercial activities, planning and business development tasks, etc.;
• Realization of legally required transactions, performance of obligations,
• Declarations made to official institutions,
• Activities related to the establishment and execution of contracts,
• Managing, conducting, planning and improving client relations,
• Activities for the realization of post-contract services,
• Monitoring, planning and execution of consultancy activities,
• Monitoring, planning and execution of financial and accounting activities,
• Planning and execution of information technologies and data security activities,
• Planning and execution of physical and electronic / network security activities,
• Increasing brand awareness;
• Planning and execution of actions aimed at increasing the level of perception about corporate activities and brand,
• Planning, management and execution of organizations, meetings, invitations and events,
• Managing the client satisfaction processes during and/or following the completion of service offering processes,
• Activities for receiving, evaluating and finalizing demands and complaints,
• Realization and follow-up of transactions and activities to fulfill the obligations arising from the contractual relationship.
• Within the scope of planning, execution and management of corporate relations;
• Managing, conducting, planning and developing relations with suppliers/business partners,
• Building and conducting corporate managerial communication activities,
• Building and conducting external trainings,
• Within the scope of legal, technical and commercial security measures among parties in relation with the Company data is processed under;
• Notifying the relevant authorities/institution and/or conducting responsibilities within the audit processes,
• Assuring security measures on physical and electronic environments for the parties the Company is involved in,
• Keeping records as per to commercial security measures and organizing, conducting and auditing these measures for the parties the Company is involved in,
• Assuring the applicable activities are being conducted in regard with data accuracy and making sure the data is up to date,
• Planning and/or conducting the Health & Safety processes,
• All guest entrances – exits are recorded within the legal requirements and applicable to the legislation.

7. Methods of Processing Personal Data and Its Legal Basis

Personal data can be obtained parties who are data subject and/or third parties who have explicit consent of the data subject.

The obtained personal data can be processed by collecting, saving, editing, configuring, storing, adapting, changing, using, transferring, deleting, destructing and anonymizing.

Personal Data may be processed by one or more of the above methods without the explicit consent of the data subject in the presence of one the legitimate reasons listed in Article 5 of KVKK:

• Explicitly prescribed in laws and any relevant legislation,
• Being legally mandatory for the person cannot grant consent due to physical incapability or legally forbidden to grant consent in regards with other’s living rights,
• Requirement on processing personal data of the parties subject to a contract/agreement, due to the execution of a contract / agreement,
• Legally being mandatory for the data controller to fulfil the legal liability,
• Publicized by the relevant person directly,
• Legally being mandatory to be processed for a granted right to be conducted, used and/or protected,
• Processing personal data for legitimate purposes without contracting the basic rights and freedom of the relevant person.

Back to Top

8. Retention and Destruction of Personal Data

• Our company takes into account the law and legislation that is in place during processing the personal data. Within this scope, the retention and period of limitations are taken into account on Personal Data Protection activities. In case the processing activity is disposed, and there is no further legal basis to store personal data, relevant data is to be deleted, destructed and/or anonymized. The personal data shall be subject to retention, disposal or anonymization upon the demand of the data subject and/or the Company’s periodic control in which the Company realizes the reason to process the data is no longer available, due to the Article 7 of KVKK and other related legislation.
• The personal data transmitted to us by mistake in any way or in cases where it is understood that the will of the data subject is not directed to give explicit consent, is immediately destructed by our Company by methods in accordance with the Law.
• Our company will not keep personal data for longer than necessary, in connection with the reason for the collection of the data, so as to allow identification of the data subject.
• Our company can only store personal data longer than advised, in order to protect the rights and freedoms of the data subject in line with applying technical and organizational precautions only to serve public welfare, scientific or historic research or statistical research.
• Including the retention period for each category of personal data and the legal obligations that the Company has to store data, the criteria used in identifying this period are specified in our Company's Personal Data Retention and Destruction Policy and will be applied in all cases.

Back to Top

9. Transfer of Personal Data

a. Local Transfers

Personal data is not transferred to any third party without an explicit consent, unless it is legally required due to KVKK, relevant legislation and cases where it is mandatory to be shared with the external parties due to administrative/uridical cases. However, as per to the Article 5 and Article 6 of KVKK, in case legal basis are present and it is legally required, on third party transferred, consent/explicit consent will not be observed.

Our Company fulfills its obligation to inform the Data Subject regarding this transfer. Accordingly, the institutions, organizations and/or persons where data can be transferred are listed below.

b. Transfers to Abroad

The Company may transfer the personal data abroad by obtaining explicit consent of the data subject along with taking appropriate and necessary security measures stipulated in KVKK and related legislation. For the situations where the explicit consent of the data subject is not sought, it is considered whether the country that the data will be transferred, is in "adequate country" stature and has adequate protection or not. If the Authority considers that the transferee country is not in adequate country statute, the Authority approval should be taken, and a data transfer protocol should be signed to guarantee adequate protection.

c. Parties Conducting the Transfers

• Within the scope of the Labor Law, Obligations Law, Income Tax Law and Procedures, Commercial Law, Private Employment Agencies and relevant legislations,
• Related public institutions and organizations,
• Competent authority,
• Tax offices workplace inspector, İŞKUR, regional labor and SGK can be shared with administrative institutions and organizations.
• Externally supported law offices, courts and other official and judicial authorities upon request.
• Company shall take all security measures for data transfers specified in the relevant legislation. All data transfers performed by our Company shall be in accordance with Articles 8 and 9 of KVKK and apart from these, our Company shall not disclose your personal data.
• Within the scope of production and operation of the products and services, our Company may transfer the personal data to;
• Business partners, suppliers, business partners that we cooperate locally and/or abroad.

Back to Top

10. Measures Regarding the Provision of Data Security

Our company takes technical and administrative measures to prevent data breaches to ensure the security of personal data. In this context, our Company;

• Administrative measures;
• It conducts a risk audit to identify existing risks and threats,
• Awareness studies for employees are conducted periodically,
• There are personal data security policies and procedures,
• It works to minimize personal data as much as possible by adopting the concept of data minimization.
• Technically;
• Ensuring cyber security,
• Monitoring of personal data security,
• Ensuring the security of environments containing personal data,
• Storing personal data in secure areas and cloud computing systems,
• Information technology systems procure, develop and maintain the necessary software and hardware measures, taking personal data in accordance with the conditions required by the law.

Back to Top

11. Data Protection Officer (DPO)

• The Data Protection Officer have specific responsibilities in respect of procedures and is the first point of call for Employees/Staff seeking clarification on any aspect of data protection compliance,
• Data Protection Officer, whom is considered by the Board of Directors to be suitably qualified and experienced, is appointed to take responsibility for Company’s compliance with this policy on a day-to-day basis and, in particular, has direct liability for ensuring that Company complies with KVKK and GDPR, as the authorized person of the Company does in respect of data processing that takes place within their area of responsibility.

Back to Top

12. Data Inventory

Company has established a data inventory as part of its approach to address risks and opportunities throughout its KVKK and GDPR compliance project.

Company’s data inventory determines:

• business processes that use personal data,
• processed personal data,
• processed sensitive personal data,
• data subject,
• collection method of personal data-source of personal data,
• purpose of processing personal data,
• legal basis for processing personal data,
• retention period of personal data,
• mediums where personal data stored,
• destruction methods of personal data,
• any kind of data transfers,
• recipients/recipient groups to whom personal data transferred,
• method and purpose of transfer,
• technical and administrative measures.

Back to Top

13. Rights of The Data Subject

Within the scope of Article 11 of KVKK the data subject has the following rights and if he/she wishes, he/she can use his/her rights by reaching the data controller in the methods determined by him/her:

• To learn whether personal data is being processed,
• To make requests regarding the nature of information held and to whom it has been disclosed,
• To learn the processing purpose of personal data and whether it is used in accordance with this purpose,
• To be informed about the third parties that the personal data is transferred in country or abroad and to make notification in regard to the transactions made,
• To demand correction for the personal data that is processed as deficient or incorrect and to notify third parties about this,
• To demand deletion or destruction of the personal data of which the legal basis to process is no more available, even if the data is processed in accordance with the related law,
• To object any result against the data subject,
• To demand compensation in case of any damage caused by illegal processing of the personal data.

Back to Top

14. Exercises of Rights of Data Subject

In accordance with KVKK regulations; should you have inquiries on your rights mentioned hereinbelow, by completing the Data Subject Application Form you can send it to the following address Halide Edip Adıvar Mah. Sultan Sk. Nu:20 İç Kapı Nu: 17 Şişli/İstanbul along with ID verification documents either by hand or via postal services or by sending an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.. All queries will be answered within 30 days of receipt.

If the transaction requires an additional cost, the tariff set by KVKK will be charged.

Back to Top

This website you visited is affiliated with İstanbul Uluslararası Denetim ve SMMM Ltd. Şti. (“Company”).

Thank you for visiting our website and reading our privacy and security statement.

BASIC INFORMATION ABOUT OUR APPROACH TO DATA SECURITY AND PRIVACY

Company has dedicated itself to ensuring the security of your personal data in all of its information systems. For Company, privacy and security matters form the basis of the relation between us and our customers. Company understands your particular concern about your confidentiality and security and place utmost importance on that matter.

Information that you will be disclosing when using this website may also be controlled by other firm in order to enable us to secure the control, inspection and security of the said data at the utmost level. Each independent firm shall be legally liable for any data controlled and inspected by it.

This Privacy Statement is applicable to all data processed by Company, including Personal Data collected or transmitted via website, our software and self-service applications, mobile applications or social media accounts and other online or offline channels.

PROTECTION OF PERSONAL DATA

Company acts in the capacity of a data controller in line with KVKK no. 6698 and provisions of any other legislation applicable to the protection of personal data. Accordingly, personal data shall be processed only by Company personnel authorized to implement any privacy and security policy as well as services falling within the scope of duty of Company’s management office and the personnel named in the privacy and security authorization matrices, and those natural/legal persons authorized by Company for such purpose by fulfilling the condition of informing the data subjects. For details, please click the Personal Data Protection and Processing Policy.

ELECTRONIC MESSAGES

Subject to communication consents provided by you during your communication with us regarding electronic (e-mail) messages, you will be deemed to have accepted to receive e-mail messages through your contact details, for the promotion of services offered by Company, information on new products and services, announcements on issues regarding legislation, and other matters that may be of interest for you. In this respect, you may contact Company to request that messages are no longer to be sent to you through one or more than one communication channel.

LOG DATA, COOKIES AND WEB BEACONS

Cookies are program bits that are usually in the form of text files that may be embedded in laptops, desktop PCs and mobile devices, which collect various data.

Cookies may be used to collect the following data:

• Internet Protocol (IP) address,
• Domain name of the computer that you use for connecting to the website,
• Date and time of your connection and the time you spend on the website,
• Link of the page over which you connect our website,
• Information about your computer, your browser’s brand, your operating system, Java support, flash version, your screen definition and connection speed and similar data,
• Details of the page on the computer that is used for connection when a request is made from our website,
• Volume of the data in bytes, transferred on our website,
• Contents of traceable cookies,
• Our website uses temporary session cookies to render your online activities secure and to enhance the website performance,
• Areas such as Login time, Username and User ID that are necessary for our software and self-service applications ("Applications"),
• Details of the URL over which the User has transmitted his last request through the applications
• Your browser’s language.

Please click Cookie Policy for details.

PURPOSE OF USING YOUR DATA

We may use your personal data which we record during your visits to our website, via automated or non-automated means, or which you may disclose to us in contact forms, e-mails or via other electronic transactions, primarily for the purpose of satisfying your requests and subsequently for ensuring improvement of the services offered to you. Overall purposes of use of such data may be listed as follows:

• To contact you,
• To enable your access to the website or self-service options, by performing operations regarding your online account, including but not limited to the provision of a username and password,
• To answer questions received from you,
• To provide information about legislative changes and other important matters,
• To ensure the administration of our website,
• To improve our service quality.

Please do not disclose such data that you would not want us to collect for the purposes above. Please remember that unless you provide such data, we will be unable to contact you, and that your certain data may still be collected by means of cookies during your visit to this website.

DATA SECURITY

Company places utmost importance on the security of your data. We take measures conforming to sector standards to prevent unauthorized collection and use of your data. Exchange of information on the Internet is not generally secure. Therefore, we recommend you exercise due care by user when exchanging information through our website and online systems. If you do not take this care, Company cannot guarantee you about the security of your information and communication on the website or capture them by third parties.

When your information is received by the Company, it is protected in accordance with our security and privacy standards. Your data are stored for the purposes set out above and only for the durations required by the needs of our business process or as prescribed by the law.

DATA TRANSFER

We may transfer the personal information we collect about you to other countries different from the country we collect the data, as we use their services of the internet service providers, hosting companies, e-mail providers, domain providers (for example; Microsoft 365). Data protection laws and regulations applied in these countries may differ from the laws applicable in Türkiye.

Hereby, we will protect your information in accordance with the applicable law as described in this Privacy Policy while transferring it to other countries.

PROTECTION FOR CHILDREN’S ONLINE ACTIVITIES

We support parents willing to supervise and control online activities of their children. In no event do we ask children on purpose to share their personal data. If we come to know that a person whose personal data are collected by us is younger than 13 years old, we may use such data to try to promptly inform his/her parents. This rule shall be applicable for age 16 under the European Union General Data Protection Regulation (GDPR).

DESIGNING NEW PROCESSES IN LINE WITH PRIVACY RULES

Company takes the most appropriate technological and organizational measures to ensure confidentiality when developing new systems and applies necessary developments for the processing of personal data in line with their intended purposes (Privacy by design).

Should you have any queries about this Privacy Policy, please click the link.

Online Visitor Clarification Text Regarding the Processing of Personal Data

As Boss Yönetişim Hizmetleri Anonim Şirketi (“Company”), we attach the utmost importance to the security of your personal data. With this awareness, we place great emphasis on ensuring that personal data of a general and special nature is processed, retained, and deleted in compliance with the Law on the Protection of Personal Data No. 6698 (“Law” or “KVKK”), the secondary legislation enacted and to be enacted pursuant to the Law (regulations, communiqués, circulars), and the binding decisions adopted and to be adopted by the Personal Data Protection Board. With full awareness of this responsibility, acting in the capacity of “Data Controller” as defined under the Law, we process your personal data relating to your visit in the manner explained below and within the limits prescribed by the applicable legislation.

1. Information Regarding the Data Controller

Pursuant to the Law, Boss Yönetişim Hizmetleri Anonim Şirketi, registered with the Istanbul Trade Registry Directorate under tax identification number 1800379183, and domiciled at “Esentepe Mahallesi Büyükdere Cad. Astoria Sit. No: 127 B/8 Şişli/İstanbul”, is the Data Controller.

2. Categories and Types of Personal Data Processed

Category	Personal Data
Identity Information	Name, Surname
Contact Information	Phone Number, Email Address
Professional Information	Your Company

3. Methods of Collecting Personal Data and the Activities Through Which It Is Collected

As the Company, we collect your personal data through automated means and/or through non-automated methods, provided that such data forms part of an automated data recording system.

Data Category	Activity Through Which It Is Collected
Identity Information	Contact Form on the Website
Contact Information	Contact Form on the Website
Professional Information	Contact Form on the Website

4. Purposes and Legal Grounds for the Processing of Personal Data

As the Company, your personal data is processed in accordance with the purposes and legal grounds set out below, within the limits prescribed under the Law, in a lawful and fair manner, and in a way that is at all times relevant, limited, and proportionate to such purposes.

Data	Purposes of Processing	Legal Grounds
Identity Information	Responding to your complaints, suggestions, or any kind of requests; Enabling communication with you; Providing information regarding the Company’s products and services; Providing information about the Company’s products and services, Carrying out risk management processes; Receiving and evaluating suggestions aimed at improving business processes.	Article 5/2 (c) and (f) of the Law; (c) Processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of the contract; (f) Processing of personal data is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed
Contact Information
Professional Information	Providing information regarding the Company’s products and services; Receiving and evaluating suggestions aimed at improving business processes.

5. Transfer of Personal Data

Transferee Parties	Purposes of Transfer	Legal Grounds
Authorized internal departments of the Company and, where necessary, other group companies	Carrying out customer relationship management processes and activities aimed at customer satisfaction; Responding to requests and complaints; Providing information to authorized persons, institutions, and organizations; Ensuring the security of the data controller’s operations.	With reference to Article 8/2 (a) of the Law: Transfer of personal data is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed; Transfer of personal data is mandatory for the data controller to fulfill its legal obligations.
Authorized public institutions and organizations, where deemed necessary
Foreign-based platforms (Typeform, Mailchimp)	Enabling communication with you regarding the form you have submitted and sending communications to you via email and other methods for which you have provided consent.	With reference to Articles 9/4 (c) and 9/6 (a) of the Law: 4(c) The existence of a standard contractual clause announced by the Board, covering matters such as data categories, purposes of data transfer, recipients and recipient groups, technical and administrative measures to be taken by the data recipient, and additional safeguards for special categories of personal data; (6)(a) The data subject’s explicit consent to the transfer, provided that the data subject has been informed of potential risks.

6. Rights of the Data Subject

any time, by applying to the Company, you may exercise the following rights arising from Article 11 of the Law:

• To learn whether your personal data is processed;
• To request information if your personal data has been processed;
• To learn the purpose of processing your personal data and whether such data is used in accordance with its purpose;
• To know the third parties to whom your personal data is transferred domestically or abroad;
• To request correction of your personal data if it is incomplete or inaccurately processed;
• To request deletion or destruction of your personal data within the framework of the conditions set forth in Article 7 of the Law;
• To request notification of the transactions carried out pursuant to subparagraphs (d) and (e) of Article 11 of the Law to third parties to whom your personal data has been transferred;
• To object to the occurrence of a result against you arising from the analysis of your processed data exclusively through automated systems;
• To request compensation for damages in the event that you suffer damage due to the unlawful processing of your personal data.

You may submit your requests regarding your rights and the implementation of the Law by completing the application form available at www.istanbulcpa.com or obtainable from us, or by submitting your request together with the minimum required elements specified below:

• By sending your application via email to This email address is being protected from spambots. You need JavaScript enabled to view it. using your registered electronic mail (KEP) address assigned in your name;
• By completing the application form with a wet signature and submitting it via a notary public, registered mail with return receipt, or personal application to “Esentepe Mahallesi Büyükdere Cad. Astoria Sit. No: 127 B/8 Şişli/İstanbul”;
• By sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it. using the email address previously notified by you to the Company and recorded in the Company’s systems.

If responses to such requests are provided in writing, the Company shall respond free of charge for up to ten pages and may charge a processing fee of 1 Turkish Lira for each page exceeding ten pages. If the response is provided on a recording medium such as a CD or flash drive, the fee that may be requested by the Company shall not exceed the cost of the recording medium.

In the application to be submitted by you as the data subject in order to exercise your rights listed above, the subject of your request must be clear and understandable and must relate to you personally. If you are acting on behalf of another person, you must submit a notarized special power of attorney authorizing you to do so.

Pursuant to the Communiqué on the Principles and Procedures for Application to the Data Controller, applications must include your name and surname, signature, Turkish Republic identification number, residential or workplace address, email address, telephone and fax number, and details of the subject matter of the request. Applications that do not include these elements shall be rejected by the Company and/or directed to valid application channels.

The Company reserves the right to make amendments to this clarification text at any time due to reasons arising from the Law, secondary legislation, and decisions of the Board. Any amendments made to the clarification text and the updated version shall become effective as of the date on which they are notified to you.

Explicit Consent Declaration – Transfer Of Personal Data Abroad

I hereby declare that I have read the Clarification Text Regarding the Personal Data Processed within the Scope of this Contact Form, and that my personal data processed through the contact form, including identity, contact, and professional information, is processed in a manner that is limited, proportionate, and related to the purposes specified in the clarification text.

I acknowledge that my personal data is processed through automated means and, provided that it forms part of an automated data recording system, through non-automated means, and that all necessary technical and administrative measures are implemented to ensure data security. I further acknowledge that I have been informed by the authorized unit members and managers of the Company regarding the transfer process.

I explicitly consent, based on the legal grounds set forth under Article 9/4 (c) of the Law, concerning the existence of a standard contractual clause announced by the Board covering matters such as data categories, purposes of data transfer, recipients and recipient groups, technical and administrative measures to be taken by the data recipient, and additional safeguards for special categories of personal data, and under Article 9/6 (a) of the Law, provided that I have been informed of potential risks, to the transfer of my personal data abroad.

In accordance with the procedures, principles, and purposes specified in the clarification text, and limited thereto, I explicitly consent to the transfer of my personal data specified in the clarification text by the Company, in a limited and proportionate manner, through the use of overseas-based platforms (Typeform, Mailchimp), for the processing purposes stated therein.

I further acknowledge that I have been clearly and comprehensively informed of my rights listed under Article 11 of the Law, the methods for exercising such rights, and my right to withdraw this explicit consent at any time.