Related Policies
PRIVACY AND PERSONAL DATA PROTECTION POLICY
GÜLSEREN ÖNGÜN LAW OFFICE “GÜLSEREN ÖNGÜN” attaches great importance to the protection of your personal data. This Privacy and Personal Data Protection Policy (“Policy”) explains, in accordance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”), the EU General Data Protection Regulation (“GDPR”) and other applicable legislation, how we collect, use, share and otherwise process the personal data of visitors to our website, mobile applications and other online services (collectively referred to as the “Platform”), our clients, prospective clients, business partners, newsletter subscribers, event participants and other relevant persons.1. Data Controller and Contact Information
The data controller is GÜLSEREN ÖNGÜN LAW OFFICE2. Categories of Personal Data Processed and Methods of Collection
When you use the Platform or contact us, the following categories of personal data may be collected by automatic or non-automatic means (e.g. forms, cookies, e-mail, telephone, mail, courier, hand delivery):Identity and Contact Data Name-surname, title, company name, e-mail address, telephone number, postal address,
Registration and Event Data : Newsletter subscriptions, event/seminar/webinar registrations, visual and audio recordings,
Device and Usage Data IP address, browser type, visit duration, pages visited, cookie information
Client Service Data : Information relating to third parties within client files, invoicing and payment details
Compliance Data : Identity documents provided for verification purposes,
Special Categories of Personal Data Processed only with your explicit consent or in exceptional cases permitted under Article 6/3 of the KVKK and Article 9/2 of the GDPR (e.g. establishment, exercise or defence of legal claims, public disclosure by you, legal obligation), and only to the extent strictly necessary.
3. Purposes and Legal Bases for Processing Personal Data
Your personal data are processed for the following purposes and on the legal bases set out in Articles 5 and 6 of the KVKK and Articles 6 and 9 of the GDPR:Purpose
Primary Legal Bases
4. With Whom and For What Purposes Your Personal Data May Be Shared
Your personal data may be shared, to the extent necessary for the above purposes and in compliance with Articles 8 and 9 of the KVKK and Articles 44–50 of the GDPR, with the following recipient categories:- Our business partners and collaborating law firms abroad,
- Cloud, e-mail, hosting and other technical infrastructure providers (domestic and foreign),
- Financial institutions (for payment and invoicing purposes),
- Competent public authorities, courts, notaries and enforcement offices,
- Acquirer or potential acquirer companies in mergers, acquisitions or asset sales,
- Regulatory authorities where required by law.
5. Retention Periods for Personal Data
Your personal data will be retained only for as long as required for the purposes of processing and in accordance with the statutory limitation and retention periods. Retention Periods (indicative):6. Security of Personal Data
We implement appropriate technical and organisational measures (encryption, access restrictions, regular training, confidentiality undertakings, periodic audits, etc.) to prevent unauthorised processing of or access to your personal data and to ensure their proper storage. In the event of a personal data breach, notification will be made to the Personal Data Protection Authority and to the affected data subjects within 72 hours, as required by the KVKK and GDPR.7. Your Rights as a Data Subject (KVKK Art. 11 and GDPR Chapter III)
You may exercise the following rights at any time:- To learn whether your personal data are being processed,
- To request information about the processing activities,
- To learn the purposes of processing and whether the data are used in accordance with those purposes,
- To know the third parties to whom your data are transferred domestically or abroad,
- To request rectification of incomplete or inaccurate data,
- To request erasure or destruction (“right to be forgotten”),
- To request notification of rectification/erasure operations to third parties,
- To object to adverse outcomes resulting from automated processing,
- To claim compensation for damages caused by unlawful processing,
- To request data portability (transfer to another controller).
8. How to Exercise Your Rights
You may submit your requests through one of the following channels:- By notary or registered mail with return receipt to our address in Kazım Özalp Mah. Nenehatun Cad. 101/4 Çankaya 06680 ANKARA / TURKEY,
- Via Registered Electronic Mail (KEP) to gulseren.ongun@hs01.kep.tr ,
- From the e-mail address previously provided to us and registered in our systems to privacy@gulserenongun.com ,
- Using secure electronic methods containing a mobile signature, e-signature or other means of identity verification.
9. Cookies and Third-Party Links
The Platform uses cookies. You can access our Cookie Policy at http://gulserenongun.com/en/cookie-policy We are not responsible for the privacy practices of third-party (public authorities, bar associations, courts, etc.) websites linked from the Platform.10. Amendments to the Policy
This Policy may be revised due to changes in legislation or our data processing activities. The current version will always be available at http://gulserenongun.com/en/privacy-policy at will be published.For any questions or requests, please contact us at privacy@gulserenongun.com or using the contact details above.
GÜLSEREN ÖNGÜN LAW OFFICE