Legislation Categories
Legislative Updates
Here you can access most recent articles on legislative updates regarding Personal Data Protection Law, Social Security Law, Taxation Law, Occupational Health and Safety Law, Code of Obligations, Labor Law, Turkish Commercial Code, Law on Protection of the Value of Turkish Currency, Foreign Exchange Legislation, and Immigration Law in Turkey.
Bilateral Treaties
You can access the dates of the most recent international bilateral social security and double taxation treaties made between Turkey and other countries and relevant documents here.
Get support from our expert consultants for all your queries and needs regarding Incentive Applications.
Advanced Incentive Management
Get support from our expert consultants for all your queries and needs regarding Incentive Applications.
Considering the ever-changing insurance premium incentives and income tax deductions, we offer the most advantageous incentive combination with the analysis of the appropriate incentives according to your current payroll details.
In recent years, there have been many changes in insurance premium incentives and income tax deductions in Turkey. Increasing registered insured employment and employment of disadvantaged groups such as women, youth, and disabled people; encouraging regional, large-scale investments and strategic investments, and considering the incentives that aim to reduce regional development disparities create a significant cost advantage. There are many conditions and dependencies that must be followed to benefit effectively from legal incentives.
For example, the following points affect the calculations:
When analyzing historical data for each employee, it is a very difficult process to manually monitor the retrospective analysis of the average number of employees. In addition, the detection of alternatives is only possible with software designed to produce the appropriate combination by considering different parameters.
Thanks to the advanced incentive software, we ensure that you benefit from all incentives you have difficulty in calculating. Based on your organization and workplace, we can report which incentives will provide the most profit for which employees using the software.
These incentives are paid by different institutions depending on the type of incentives that the institutions benefit from. For example, 5 points deduction amount is covered by the Treasury, the 6111 incentive amount is covered by the unemployment insurance fund, the incentive for disabled employees is covered by the Treasury, and the R&D incentive is covered by the Ministry of Finance. Therefore, different applications in these areas should be followed up continuously.
Your data is in good hands with our ISO 27001 and ISAE 3402 certificates.
Being the leading payroll service provider in the sector, our organization has a unique experience in payroll and related legislation.
We respond to you very quickly after we receive your data.
In addition to preparing reports based on employee and workplace, we share all our recommendations with you so that you can benefit from the incentives.
Boss Governance Services Inc. is proud to be the Local Partner of ADP.
With the strong technology of ADP that embodies the human touch with its experience, companies of all sizes, established all over the world, rely on ADP's cloud software and expert opinions to reveal their potential. HR, ability, fringe benefits, payroll, legal compliance, cooperation to create a better and stronger workforce.
ADP, ADP logo and the slogan "Always Designing for PeopleTM" belong to the registered trademark of ADP, LLC.
Awards for CottGroup® Services
(*) Services Exporters' Association - 2019
(**) Bilişim 500 - 2019
Let's Get Started.
Get a Quote for Your Service Needs.
Privacy Policy
CottGroup® companies network ("CottGroup®") includes independent companies with separate legal entities that provide various sections of this website and other websites in the CottGroup® member network; and this Personal Data Protection and Processing Policy applies separately for each CottGroup® member company.
This website you visited is affiliated with Boss Yönetişim Hizmetleri A.Ş. one of the CottGroup® member network companies.
Thank you for visiting our web site and reading our privacy and security statement.
Basic Information About Our Approach To Data Security And Privacy
CottGroup®’s network of companies (CottGroup®) has dedicated itself to ensuring the security of your personal data in all of its information systems. For CottGroup®, privacy and security matters form the basis of the relation between us and our customers. CottGroup® understands your particular concern about your confidentiality and security and place utmost importance on that matter.
CottGroup® consists of multiple independent members which provide various sections of the websites in CottGroup®’s network of members. Please click here to see our current member companies. New members to be added to the CottGroup®’s network of members in future will also be viewable by clicking the same link.
Information that you will be disclosing when using this web site may also be controlled by any other firm among the members of CottGroup®’s network in order to enable us to secure the control, inspection and security of the said data at the utmost level. Each independent member shall be legally liable for any data controlled and inspected by it.
CottGroup® Privacy Statement is applicable to all data processed by CottGroup®, including Personal Data collected or transmitted via our websites in CottGroup®’s network, our software and self-service applications, mobile applications or social media accounts and other online or off-line channels.
Protection of Personal Data
CottGroup® acts in the capacity of a data controller in line with KVKK no. 6698 and provisions of any other legislation applicable to the protection of personal data. Accordingly, personal data shall be processed only by CottGroup® personnel authorized to implement any privacy and security policy as well as services falling within the scope of duty of CottGroup®’s management office and the personnel named in the privacy and security authorization matrices, and those natural/legal persons authorized by CottGroup® for such purpose by fulfilling the condition of informing the data subjects. For details, please click the Personal Data Protection and Processing Policy.
Electronic Messages
Subject to communication consents provided by you during your communication with us regarding electronic (e-mail) messages and through any other CottGroup® channel, you will be deemed to have accepted to receive e-mail messages through your contact details, for the promotion of services offered by CottGroup® and its business partners, information on new products and services, announcements on issues regarding legislation, and other matters that may be of interest for you. In this respect, you may contact CottGroup® to request that messages are no longer sent to you through one or more than one communication channel.
Log Data, Cookies and Web Beacons
Cookies are program bits that are usually in the form of text files that may be embedded in laptops, desktop PCs and mobile devices, which collect various data.
Cookies may be used to collect the following data:
Please click Cookie Policy for details.
Purpose of Using Your Data
We may use your personal data which we record during your visits to our website, via automated or non-automated means, or which you may disclose to us in communication forms, e-mails or via other electronic transactions, primarily for the purpose of satisfying your requests and subsequently for ensuring improvement of the services offered to you. Overall purposes of use of such data may be listed as follows:
Please do not disclose such data that you would not want us to collect for the purposes above. Please remember that unless you provide such data, we will be unable to contact you, and that your certain data may still be collected by means of cookies during your visit to this website.
Data Security
CottGroup® places utmost importance on the security of your data. CottGroup® places utmost importance on the security of your data. We take measures conforming to sector standards to prevent unauthorized collection and use of your data. Exchange of information on the İnternet is not generally secure. Therefore, we recommend you to exercise due care by user when exchanging information through our websites and online systems. If you don't take this care, CottGroup cannot guarantee you about security of your information and communication on the web-site or capture them by third parties.
When your information arrives at CottGroup®, it is protected in accordance with our security and privacy standards. Your data are stored for the purposes set out above and only for the durations required by the needs of our business process or as prescribed by law.
Data Transfer
We may transfer the personal information we collect about you to other countries different from the country we collect the data, as we use their services of the internet service providers, hosting companies, e-mail providers, domain providers (for example: Microsoft 365). Data protection laws and regulations applied in these countries may differ from the laws applicable in Turkey.
Hereby, we will protect your information in accordance with the applicable law as described in this Privacy Policy while transferring to other countries.
Protection for Children’s Online Activities
We support parents willing to supervise and control online activities of their children. In no event do we ask children on purpose to share their personal data. If we come to know that a person whose personal data are collected by us is younger than 13 years old, we may use such data to try to promptly inform his/her parents. This rule shall be applicable for age 16 under the European Union General Data Protection Regulation (GDPR).
Designing New Processes in Line With Privacy Rules
CottGroup® takes the most appropriate technological and organizational measures to ensure confidentiality when developing new systems and applies necessary developments for the processing of personal data in line with their intended purposes (Privacy by design).
Should you have any queries about this Privacy Policy, please click the link.
CottGroup® website: https://www.cottgroup.com
Personal Data Protection Policy
1. Purpose and Scope
CottGroup® companies network ("CottGroup®") includes independent companies with separate legal entities that provide various sections of this website and other websites in the CottGroup® member network; and this Personal Data Protection and Processing Policy applies separately for each CottGroup® member company.
You may access our group companies within the CottGroup® Member Companies Network via following link.
The website you visited is affiliated with Boss Yönetişim Hizmetleri A.Ş., one of the CottGroup® member network companies.
The main objective of this Personal Data Protection Policy (the "Policy") is to provide explanations regarding the personal data processing activities carried out by the Company pursuant to the law and the systems adopted for the protection of personal data and, in this context, to provide transparency by informing the people whose personal data is being processed by our company.
This Policy applies to all activities managed by the Company regarding the processing and protection of personal data by the Company along with the relevant detailed data procedures.
2. Definitions
KVKK: Personal Data Protection Law numbered 6698
GDPR: EU General Data Protection Regulation
Data Processor: The natural person or legal entity that process data on behalf of the data controller with the authority given by the data controller
Data Controller: the one who defines the purpose and the means of processing personal data and responsible of the data recording system management
Data Subject: a natural person, includes but not limited to an employee, customer, business partners, stakeholders, authorities, leads, candidate for recruitment, intern, visitors, suppliers, employee of business partners, third parties of the Company and its affiliates with whom they have a commercial relationship, whose data is processed.
Explicit Consent: consent that is related to a specific issue based on information and expressed with free will.
Personal Data: any information related to a natural person whose identity is known or could be identified.
Sensitive Personal Data: Biometric and genetic information related with race, ethnicity, political or philosophical opinions, religion, sect or other believes, appearance, union memberships, health, sex life, convictions and security measures etc.
Processing of Personal Data: Any kind of operation performed on data such as obtaining, recording, storing, preservation, modification, reorganization, disclosure, transfer, takeover, making available, classification or preventing the use of personal data in fully or partially automated or non-automated ways, provided that it is part of any data recording system
Anonymization of Personal Data: to render data in such a way that it can no longer be associated with an identified or identifiable person even when the personal data is matched with other data.
Deleting Personal Data: to delete or to render personal data in such a way that it is no longer accessible or reusable for the users
Destroying Personal Data: rendering the personal data to make it inaccessible, unrecoverable and not useable by anyone
Company: Data controller CottGroup® companies.
KVK Board: Turkish Personal Data Protection Board
KVK Authority: Turkish Personal Data Protection Authority
3. Policy
The Company has different policies that cover protection of personal data along with the information security as regards certain work activities and functions. Unless this Policy has additional provisions or higher standards for the protection of personal data, the other different data protection provisions of the company shall prevail.
The relevant regulation provisions shall be first to apply in processing and protecting personal data; and if there happens any contradiction between the articles of this Policy and the legislation, then current legislation clauses shall prevail.
Herein this Policy is prepared in accordance with the rules and procedures foreseen in KVKK and related law for the protection of personal data. In his context, as Data Controller is also liable to prevent illegal processing of personal data and access and protect the personal data from being accessed illegally in accordance with KVKK, he/she must take all necessary technical and administrative measures.
4. Principles To be Followed While Processing Data
Our Company acts in accordance with the following general principles in all of its Personal Data Processing activities:
5. Personal Data Collected
Your personal data collected by our company varies according to the quality of the relationship with our company and the legal obligations. Your personal data collected can be listed as follows:
6. The Purposes of Processing Personal Data
Our company informs data subjects during obtaining personal data due to KVKK and related legislation. In this context, the Company makes a notification/information regarding the purpose of data processing, transfer of the data and to whom the data shall be transferred, the method of collecting personal data and the legal purpose of collecting personal data.
The purpose of processing personal data information varies according to the relationship between the company and personal data subject and legal nature of the business.
The purposes of processing personal data by the Company are as follows:
7. Methods of Processing Personal Data and Its Legal Ground
Personal data can be obtained/received by parties who are data subject and/or third parties who have explicit consent from the data subject.
The obtained personal data can be processed by collecting, saving, editing, configuring, storing, adapting, changing, using, transferring, deleting, destroying and anonymizing.
Personal Data may be processed by one or more of the above methods without the explicit consent of the data subject in the presence of one the legitimate reasons listed in Article 5 of KVKK:
8. Retention and Destruction of Personal Data
9. Transfer of Personal Data
a. Local Transfers
Personal data is not transferred to any third party without an explicit consent, unless it is legally required due to KVKK, relevant legislation and cases where it is mandatory to be shared with the external parties due to administrative / juridical cases. However, as per to the Article 5 and Article 6 of KVKK, in case legal grounds are present and it is legally required, on third party transferred, consent / explicit consent will not be observed.
Our Company fulfills its obligation to inform the Data Subject regarding this transfer. Accordingly, the institutions, organizations and / or persons that can be transferred are listed below.
b. Transfers to Abroad
The Company may transfer the personal data abroad by obtaining explicit consent of the data subject along with taking appropriate and necessary security measures foreseen in KVKK and related legislation. For the situations in which the explicit consent of the data subject is not sought, it is considered whether the country that the data will be transferred, is in "adequate country" stature and has enough protection or not. If the Authority considers that the transferee country is not in adequate country statute, the Authority approval should be taken, and a data transfer protocol should be signed to guarantee enough protection.
c. Parties Conducting the Transfers
10. Measures Regarding the Provision of Data Security
Our company takes technical and administrative measures to prevent data breaches to ensure the security of personal data. In this context, our Company;
11. Data Protection Officer (DPO)
12. Data Inventory
CottGroup® has established a data inventory as part of its approach to address risks and opportunities throughout its KVKK and GDPR compliance project.
CottGroup®’s data inventory determines:
13. Rights of The Data Subject
Within the scope of Article 11 of KVKK the data subject has the following rights and if he/she wishes, he/she can use his/her rights by reaching the data controller in the methods determined by him/her:
14. Exercises of Rights of Data Subject
In accordance with KVKK regulations; in cases you have inquiries on your rights, mentioned hereinbelow, by completing the Data Subject Application Form you can send it to the address; Astoria Towers Kempinski Residences Büyükdere Caddesi No:127 B Kule Kat:8 34394 Şişli-İstanbul/Türkiye along with ID verification documents either by hand or via postage services or by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it.. All queries will be answered within 30 days of receipt.
If the transaction requires an additional cost, the tariff set by KVKK will be charged.
CottGroup® website: https://www.cottgroup.com
Due to the Covid-19 Coronavirus pandemic to secure the health of our employees our business operations are held remotely until further notification. CottGroup® will have its business processes carried out efficiently and smoothly thanks to our BCP plans and strong technological infrastructure. As always, our customers and business partners will be able to reach us via our phones and e-mails.