top of page

GSU

Your personal data may be processed by GSU Law as the data controller in accordance with the Personal Data Protection Law No. 6698 (“Law”) within the scope specified below. 

Privacy Notice

Method and Types of Collection of Personal Data

Based on your relationship with our partnership, your personal data may be collected directly from you or from our clients (e.g. your employer company), suppliers, public authorities and publicly available sources. Personal data types that we may collect through these channels can be summarized as follows:

Category Personal Data

Personal Data

Identity data

Name, surname

Contact data

Phone number, mail address, e-mail address and contact details

Registration data

Newsletter requests, webinar and seminar registration details

Client service data

Personal data relating to clients or data received from clients, third parties, invoicing details and payment history, and client feedback details

Risk management data

Government identifiers, passports, or other identification documents, AML/CTF screening records

Device data

IP address, unique device identifier, other data linked to a device, and data about usage of our website

Processing Purposes of Personal Data and Applicable Legal Grounds

Your personal data may be processed by GSU Law for the following purposes and legal grounds, based on the personal data processing conditions specified in Article 5 of the Law.

Category Personal Data

Processing Purposes of Personal Data

Legal Grounds

Identity data, contact data, registration data, risk management and device data

To ensure compliance (e.g. with anti-money laundering and countering financing of terrorism regulations, trade sanctions and embargo laws) To comply with our legal obligations concerning record retention (including those arising from Law no. 5651 and tax regulations)

Based on the legal ground that the processing is expressly provided for by the laws and is necessary for compliance with a legal obligation to which the data controller is subject to,

Identity data, contact data, registration data, client service data and device data

To register you or your organization as a client of ours, To provide and administer legal services or other services or solutions, as instructed by you or your organization. To represent our clients and execute litigation processes as instructed.

Based on the legal ground that processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.

Identity data, contact data, registration data, risk management, and device data

To manage our business operations (including analyzing and improving our services and communications with our clients and to monitor compliance with our policies and standards) To operate our business relations with our clients To manage billing and payments operations

Based on the legal ground that processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract Based on the legal ground that processing of personal data is necessary for compliance with a legal obligation to which the data controller is subject to Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject

Identity data, contact data and registration data

To ensure the security and effectiveness of our website and information technology systems To protect the security of our technical infrastructure and communications to prevent and detect security threats, frauds or other criminal or malicious activities; Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject

Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject

Identity data, contact data and registration data

To provide information on legal updates

Based on your explicit consent Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject,

Recipient Parties and Purposes for Transferring Personal Data

Your personal data may be transferred pursuant to the data processing conditions stipulated in Article 5 of the Law and in accordance with the rules regarding the transfer of personal data specified in Articles 8 and Article 9. During the cross-border transfer of your data, we take all necessary measures to use, share and protect that data as described in the Privacy Notice.

Recipient Parties

Purposes for Transferring

Legally authorized public institutions and legally authorized private institutions

To fulfil our obligations arising from the legislation

Courts, law enforcement authorities, regulators, government officials or attorneys or other parties

To establish, exercise or defence of a legal claim, or for the purposes of a confidential alternative dispute resolution process

Companies providing services for anti-money laundering and countering financing of terrorism regulations, trade sanctions and embargo laws and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared

To ensure compliance

Our client (if we have collected your data through providing legal services to any of our clients)

Where permitted by law to others to provide those services

Our suppliers and service providers (This refers infrastructure and IT services providers, and providers of account systems and HR systems or third-party counsels. It also includes mediators, experts, or other legal specialists such as translators, couriers or other necessary entities)

To manage our business operations

Our business associates (This refers to global law firms and business associates with whom GSU Law cooperates.)

To provide you with legal services and to manage our relationship with you

Data Subject’s Rights Specified under Article 11 of the Law

Data subjects are entitled to the below-listed rights under Article 11 of the Law:

  • Learn whether data relating to him/her are being processed;

  • Request further information if personal data relating to him have been processed;

  • Learn the purpose of the processing of personal data and whether data are being processed in compliance with such purpose;

  • Learn the third-party recipients to whom the data are disclosed within the country or abroad,

  • Request rectification of the processed personal data which is incomplete or inaccurate and request such process to be notified to third persons to whom personal data is transferred.

  • Request erasure or destruction of data in the event that the data is no longer necessary in relation to the purpose for which the personal data was collected, despite being processed in line with the Law no. 6698 and other applicable laws and request such process to be notified to third persons to whom personal data is transferred.

  • Object to negative consequences about him/her that are concluded as a result of analysis of the processed personal data by solely automatic means,

  • Demand compensation for the damages he/she has suffered as a result of an unlawful processing operation.

 

In case requests relating to the aforementioned rights are conveyed to info@gsu-law.com such requests shall be evaluated within thirty days. In principle, the requests shall be concluded free of charge. However, GSU Law reserves its right to demand a fee from the tariff specifies by the Data Protection Board.

 

DATA CONTROLLER CONTACT INFORMATION:

GSU LAW FIRM

Attorney Mustafa Numan GENÇ

Attorney  Melik İslam ŞEKER

Attorney  Mehmet Murat UĞURLU

 

Address: Büyükdere Cad. Emlak Kredi Blokları A-2 Blok, K.7, D.31, 34330 Levent, Beşiktaş/İstanbul

Phone: +90 212 972 44 55

Email: info@gsu-law.com

Website: www.gsu-law.com

bottom of page