- Visitors to our websites and other online properties
- Contact persons for our clients and/or prospective clients
- Contact persons for suppliers of goods and services to the Turk&Co.
- Any other individuals about whom the Turk&Co. obtains personal data
To the extent that the Turk&Co. process your personal data as the data controller, Turk&Co. is responsible for taking all physical, technical and administrative measures for the protection of personal data, preventing the illegal access to the data and illegal processing of the data.
Which Personal Data Do We Process?
We process the following categories of personal data about Site visitors, clients, prospective clients, suppliers and other third parties:
Basic data: Name, title, organization, job responsibilities, phone number, mailing address, email address, and contact details.
Special categories of data: in limited circumstances, we process special categories of data defined under the Data Protection Law where you have provided us with such information as it is necessary for a specific service we are providing to you.
Registration data: Newsletter requests, event/seminar registrations, subscriptions.
Client service data: Personal data relating to clients or data received from clients third parties, invoicing details and payment history.
Contact data: Data about individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences.
Compliance data: Government identifiers, passports or other identification documents, dates of birth, and due diligence data.
Job applicant data: Data provided by job applicants or others on our Sites or offline means in connection with employment opportunities.
Device data: Computer Internet Protocol (IP) address and other data linked to a device, and data about usage of our Sites.
We collect personal data from a number of sources, either directly from the data subjects, or from clients, colleagues and publicly available sources. Where Turk&Co. receives data from its clients about employees, customers or other individuals, the client is responsible for ensuring that any such data is transferred to us in compliance with the Data Protection Law and relevant legislation.
Purposes of Processing Personal Data
The purposes for which we use personal data, and the legal bases for such processing, are as follows:
- To provide legal advice and respond to inquiries we use basic data, registration data, and client service data. We need to process your information in this way in order to perform our obligations under our contracts with our clients.
- To manage our business operations and administer our client relationships we use basic data, registration data, contact data and client service data. This processing is necessary in order to perform our obligations under our contracts with our clients (e.g. issuing and processing invoices) and suppliers (e.g. managing the supply of goods and services to Turk&Co.).
- To make our Sites more intuitive and easy to use we use device data. It is necessary for our legitimate interests to monitor how our Sites are used to help us improve the layout and information available on our Sites and provide a better service to our Site users.
- To protect the security and effective functioning of our Sites and information technology systems we use basic data, registration data, transaction data, and device data. It is necessary for our legitimate interests to monitor how our Sites are used to detect and prevent fraud, other crimes and the misuse of our Sites. This helps us to ensure that you can safely use our Sites.
- To provide information and updates such as providing you with information about events or services that may be of interest to you including legal services, legal updates, client conferences or networking events, and groups of specific interest (e.g. specific types of networking groups) we use contact data, basic data, registration data, and client service data,. It is necessary for our legitimate interests to process this information in order to provide you with tailored and relevant information, updates and invitations.
- To address compliance and legal obligations, such as checking the identity of new clients and to prevent money laundering and/or fraud we use compliance data, basic data, registration data, transaction data, special categories of data, and device data. This processing is necessary for the purposes of complying with legal requirements to which we are subject.
Transfer of Personal Data
We may share personal data with the following categories of recipients:
- Business Partners: Turk&Co. operates in cooperation with other law firms and business partners around the world. We may share personal data with our global business partners and other global law firms in order to provide you with legal services and in order to administer our relationship with you or otherwise as necessary for the purposes described above.
- Suppliers and service providers: We share personal data with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above. These include: infrastructure and IT services providers, for example, the providers of our client intake system, our finance systems and our customer relationship management databases; third party consultants who provide us with support in respect of business analytics; and the providers of external venues where we host conferences and events.
We require such parties by contract to provide reasonable security for personal data and to use and process such personal data on our behalf only.
- Financial institutions: We share personal data with financial institutions in connection with invoicing and payments.
- Mandatory disclosures and legal claims: We share personal data in order to comply with any subpoena, court order or other legal process, to comply with a request from our regulators, governmental request or any other legally enforceable demand. We also share personal data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
You have control regarding our use of personal data for contacting you through information messages. If you no longer wish to receive any such communications, please follow the instructions in the relevant communication or contact us as per below.
Data Subject Rights
You have the following rights in relation to the processing of your personal data:
- Access. Subject to certain exceptions, you have the right to request a copy of the personal data we are processing about you, which we will provide to you in electronic form. At our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal data, we may charge a reasonable administration fee.
- Rectification. You have the right to require that any incomplete or inaccurate personal data that we process about you is amended.
- Deletion. You have the right to request that we delete personal data that we process about you, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims or as per our retention obligations under the applicable laws.
- Restriction. You have the right to request that we restrict our processing of your personal data where:
- you believe such data to be inaccurate;
- our processing is unlawful; or
- we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
- Portability. You have the right to request that we transmit the personal data we hold in respect of you to another data controller, where this is:
- personal information which you have provided to us; and
- we are processing that data on the basis of your consent or in order to perform our obligations under contract to you (such as to provide legal services).
- Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim or as per our legal obligations.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge
In addition to the above, you have the following rights under the Data Protection Law:
- to learn whether the personal data relating to you are being processed,
- if it is processed, to request information with regard to processing,
- to learn purposes of the processing and whether they are used for such purpose or not;
- to know the third persons within or outside the country to whom the personal data are transferred,
- to request notifying third persons to whom the personal data are transferred, about the processes of deletion or correction of your personal data,
- to object to negative consequences about you that are concluded as a result of analysis of the processed personal data exclusively by automatic means,
- to claim indemnification if the you suffered damage due to illegal processing of your personal data.
- What are the consequences of not providing personal data?
- How long do we retain Personal Data?
Turk&Co. Law Firm
Bereketzade Mah. Bankalar Cad.
No:16/4 Galata, Beyoğlu/İstanbul