Open menu

KVKK-GDPR Compliance Services

We offer tailor-made solutions with the ideal service packages to meet your needs for compliance processes.

Get Quote

KVKK-GDPR Compliance Services

We offer tailor-made solutions with the ideal service packages to meet your needs for compliance processes.

Get Quote

Practical Solutions and Expert Advice for
Your KVKK and GDPR Compliance Program

We are here for you to step into a more successful digital future by securing your
processes regarding privacy, security, and personal data with the help of our
end-to-end solutions for compliance and data protection.

KVKK and GDPR Legal Compliance and Management Consultancy Services

KVKK and GDPR Legal Compliance and Management Consultancy Services

CottGroup® is a leading holistic service provider offering tailor-made solutions to entities located in Turkey for all their business processes by presenting them with global solutions using the knowledge and local expertise it has. We are ready to be your solution partner with the right combination of people and technology to provide the most appropriate management and consultancy in your KVKK and GDPR compliance processes with our expert team of consultants. While our services can be applied specifically to relevant units and departments or to the whole organization, if you are a multinational organization subject to GDPR, we can offer our services with packages of various scopes, as well. Our service solutions are mainly as follows:

  • KVKK compliance consultancy service package
  • GDPR compliance consultancy service package
  • GDPR compliance consultancy customized for your entity abroad
  • KVKK and GDPR compliance consultancy service package
KVKK-GDPR Compliance Services Danışmanlığı Güvenlik

We offer solutions that will enhance your security infrastructure with the information we obtain about the movement of data within your organization.

KVKK-GDPR Compliance Services Privacy

We help you maximize the protection of personal data to ensure the continuity of privacy by identifying your processes.

KVKK-GDPR Compliance Services

We examine your existing policies and procedures, identify the areas of improvement, and draft them for you to ensure your compliance.

What is KVKK - GDPR?

The Law on the Protection of Personal Data (KVKK)

Regulated upon taking international documents, Turkish constitution, Turkish Laws, comparative law practices, and the current needs of our country into consideration, this Law aims to protect the fundamental rights and freedoms of individuals, and especially the privacy of personal life by processing personal data in contemporary standards. In this context, the Law regulates the conditions of processing personal data, the basic principles to be adopted regarding the protection of personal data, the obligations of natural and legal persons who process personal data, and the procedures and principles they will comply with.

EU General Data Protection Regulation (GDPR)

In order to make the regulations on the protection of personal data compliant in the member states of the European Union, The Personal Data Processing and Free Movement Directive No. 95/46/EC was abolished in line with the new requirements regarding the protection of personal data. Afterwards, in 2018, GDPR was put into practice. In order to ensure the data security of the EU residents, the regulation essentially aims to provide them with an effective approach to privacy and security by reshaping the organizations in terms of compliance.

Protection of Personal Data

Even though the concepts of fundamental rights and freedoms, personal data, privacy and security have been in our lives since the understanding of human rights emerged, these concepts have become even more important in our daily lives in recent times when the developments regarding technology and the implementation of fundamental rights and freedoms occurred. The Law on the Protection of Personal Data (KVKK), which is of the equivalence of GDPR in Turkey, gives us information and guides us on how to protect our personal data, along with our fundamental rights and freedoms.

Compliance Process: KVKK & GDPR Consultancy

KVKK has been put into effect in 2016 and all organizations were given a deadline until the end of April 2018 to review their personal data processes and complete their compliance with the Law.

Regardless of their organizational structures or the number of employees, all organizations in Turkey should have completed their KVKK compliance process by 2018. The completion of compliance process means that an organization arranges and executes any kind of personal data it keeps that belong to its employees, employee candidates, suppliers, stakeholders, etc., in other words, any kind of data that is subject to the processes which define us, in accordance with the conditions stipulated by the law.

Even if your organization is located within the borders of Turkey and provides services in Turkey, it will not be enough for you to be in compliance with the data protection processes in Turkey and KVKK, solely. You may also be subject to the data protection practices of EU, that is, GDPR. In this case, your compliance process to be implemented within your organization and the sustainability of which is to be followed, must cover both KVKK and GDPR. In today's world, your compliance process to be implemented should become a routine business process rather than an audit activity and personal data protection processes should be adopted as a corporate culture.

GDPR Compliance

In the Article 3 of the GDPR titled Regional Scope, it is regulated that natural or legal persons may be subject to the GDPR, even if they are not located within the borders of the European Union. In other words, it is elaborated in this article that it is possible for people who process personal data to be subject to both KVKK and GDPR. If an organization established in Turkey process data of EU residents by any means of communication with a person resident in EU or a different method (by selling products and/or services to EU residents, using one of the languages used in the EU countries in their online systems), in this case, the organization will be subject to GDPR regarding these persons; and with regard to the data processing activities carried out in Turkey, the organization will be subject to KVKK. That is, the organization will be obliged to fulfill the requirements of both laws.

Didn’t we have our personal data protected, before 2016?

Before KVKK came into force in 2016, there was a sanction for the unlawful acquisition, transmission and non-destruction of personal data in the Turkish Penal Code dated 12.10.2004. On 12.09.2012, with a paragraph added to the Article 20 of the Constitution, the protection of personal data has become a constitutional right. In 2016, based on the 1995 version of GDPR, the "data processing" processes that can be defined as any kind of transaction on the data were elaborated, and the terms in our lives were filled with the Constitution, Laws and International Conventions.

Data Inventory & VERBİS Registration

In the first phase, the internal organizational chart should be prepared and which personal data is processed in the departments/units within the organization should be specified by category (identity, communication, location, health, etc.). Afterwards, a data inventory should be prepared, and the following information should be included in the inventory.

  • Which personal data are processed in the specified categories (ID: Name, Surname, TR Identity Number etc.)
  • Natural person whose data are processed (customer, employee, supplier, stakeholder, third parties)
  • Purpose and legal reason of data processing
  • What types of personal data are processed; sensitive personal data (health, race, religion, gender) or personal data (name, contact information)
  • How long the processed data will be stored/Retention periods
  • Administrative and technical measures taken regarding the personal data processed
  • Whether data are transferred abroad or not

In the light of the data inventory prepared, a declaration should be made to the data controllers' registry through VERBIS. It should not be forgotten that; VERBIS and Personal Data Inventory should contain parallel information and be up to date.

Sustainability

Fulfilling the requirements of KVKK should not be understood as a one-time audit, consultancy receiving, or only as fulfilling the VERBIS registration.

Even if you fulfill some of your legal obligations in this way, it is necessary to ensure continuity for compliance with the Law and ensure that the information declared is up to date.

KVKK has entered our lives in 2016 and is still a law that requires us to adapt new practices to our processes with updates. One of the directives of this law is to ensure that all our activities are always sustained in accordance with the provisions of KVKK, that our record in VERBIS, our Personal Data Inventory and other documents prepared during the compliance process are always kept up to date. Besides, it is another point stated in KVKK that audits should be carried out periodically to ensure sustainability.

At this point, the audit, consultancy and sustainability services offered by CottGroup® will determine whether your processes comply with the law; and after completing the compliance process, by monitoring whether the sustainability is ensured or not, it will provide a guarantee of protection from administrative and legal sanctions that you may face.

You can access legal regulations on the protection of personal data and current decisions published by the Turkish Personal Data Protection Board through our page on KVKK legislations.

In addition, in order to find out details of the consultancy we can provide you as CottGroup® in your compliance process and the scope of sustainability services we offer to our customers after completion of the compliance process, you can contact us.

KVKK & GDPR Consulting Services - CottGroup
 

KVKK and GDPR Consultancy Services

By analyzing your risks that may arise due to legal incompliancy, we advise the required technical and administrative measures to have you process and store personal data fully compliant with the Law.

Click here for service details

How GDPR and KVKK Shall be Applied by Entities in Turkey?

  • If your company,

    • Provides service or goods to EU citizens that live outside the borders of EU or individuals residing within the EU borders,
    • Monitors the behaviors of these individuals,
    • Transacts business with EU companies,
    • Provides services in one of the EU languages,
    • Owns, processes, stores or deletes the personal information of data subjects who reside in the EU,

    Then, it will be subject to GDPR.

  • If your company,

    • Owns,
    • Processes,
    • Stores,
    • Deletes

    personal information indirectly, directly, partially or as a whole;

    then it will be subject to KVKK.

  • Being subject to GDPR shall mean,

    • To receive a written approval from data subject according to the feature of each personal data to be processed,
    • To process, store, transfer, anonymize, and delete personal data in line with the law,
    • To create a regulation that specify how to use each processed data,
    • To take technical measures and complete substructure for the security of the personal data and for processing them according to the GDPR,
    • To have a specific reason for processing each personal data and to make documentation,
    • To have the Binding Corporate Rules (BCR) in place regarding the personal data transfer processes to abroad,
    • To assign a Data Protection Officer for your company.

    Being subject to KVKK shall mean;

    • To process personal data in line with legislation,
    • To create a personal data inventory,
    • To complete technical infrastructure for sustaining data processing according to the legislation,
    • To prepare a personal data retention and destruction policy,
    • To have the Binding Corporate Rules (BCR) in place regarding the transfer of personal data to abroad and for the protection of the personal data,
    • To register with VERBIS (Data Controllers' Registry Information System).

Why Personal Data Protection Law is important?

Have You Appointed Your Data Controller Representative?

Are you sure your company is not subject to GDPR?

You can contact us to figure out whether you are subject to Personal Data Protection Law (KVKK) or EU’s General Data Protection Regulation (GDPR).

Click here for details

Execution of Data Protection Laws

KVKK and GDPR impacts your entity’s operations significantly, both by legal and technical aspects.

Administrative Penalties

Not compliant with the regulation or the responsibilities related to the Law, what will happen now?

Both KVKK and GDPR aim the minimization of data and to have transparent data processing procedure along with security and confidentiality methods. Besides, sanctions of any discrepancies with the legal obligations are strictly serious.

Although both laws have the same core idea, they differ on the penalties. It is crucial to cover obligations in the law that you have responsibility of, linked with compliancy periods, not to face with any enforcement and administrative legal procedures.

Incompliancy Penalties for KVKK to be Applied in 2021

  • Not registering with VERBIS (Data Controllers' Registry Information System) between the related dates; between 39.337 TL - 1.966.862 TL,
  • Not fulfilling the disclosure requirement on data transfer processes; between 9.834 TL - 196.686 TL,
  • Security incidents such as data breaches; between 29.503 TL - 1.966.862 TL,
  • In case the decisions made by the Board are not executed; 49.172 TL – 1.966.862 TL,

The given amounts are applied at the beginning of each calendar year by increasing the rate of revaluation determined and announced in accordance with the duplicated provisions of the Article 298 of the Tax Procedure Law No. 213 dated 4.1.1961 for that year.

In addition to these administrative fines mentioned in the Personal Data Protection Law, there are also jail sentences mentioned in the Turkish Criminal Code between 1 to 4 years.

According to the data of 2017, 41 data breach applications were made to the Turkish Personal Data Protection Authority and administrative fine of 125.000 TL was imposed in total as a result of these sanctions. In 2018, the amount of these data breach applications increased to 395 and 233 of them were investigated and responded by the Turkish Personal Data Protection Authority. Moreover, the administrative fines imposed in 2018 were 1.365.000 TL in total. Thus, the issue of personal data protection has been gaining more importance and the clock is ticking against the organizations who have not yet completed their compliance process.

Incompliancy Penalties for GDPR

In case of a probable data breach and/or incompliancy with the regulation, the sanctions to be imposed are very high when compared to KVKK.

The administrative penalty fine is determined as 4% of global revenue of the company that belongs to the previous year or 20.000.000 EUR Among these amounts, the highest one shall be imposed as a penalty fine.

Besides, the below mentioned ones shall also be imposed as a penalty:

  • Written warnings and notices,
  • Suspending data processing for a definite/indefinite period of time,
  • Demanding the processed data to be regulated, amended and/or limited,
  • Limiting the data transfer to any third-party country.

Basic Concepts: KVKK and GDPR

It is safe to say that GDPR is the enhanced version of Turkish Data Protection Law (KVKK) and the KVKK is the first version of GDPR, released on 1995 under the name (Directive 95/46/EC). Since both regulations are the same in core concepts, it is more efficient for your operations to analyze the liabilities at first, then proceed with the compliancy measures. It will allow you to save both time and resources.

Within this scope, simply below the main concepts are summarized.

KVKK (Personal Data Protection Law)

Key concepts on KVKK are;

  • Required to be in accordance with the law and good faith rules.
  • To have the data accurate and updated, where and when necessary.
  • To process data for specified, clear and legitimate purposes.
  • To have data that are linked with the processing purpose, limited and restrained.
  • To store as necessary for the processing purpose or as considered in KVKK.
  • Appointing an audit officer is not mandatory but recommended.

GDPR (General Data Protection Regulation)

Key concepts on GDPR are;

  • To process data in line with lawfulness, fairness and transparency for the data subject.
  • To have the data be accurate and where necessary keep it up to date.
  • To process data for specified, explicit and legitimate purposes.
  • To process data as necessary, related with the purpose and restrained.
  • To store data for no longer than necessary for its processing purpose.
  • The controller shall be responsible for all principles.
  • To have a DPO for compliance process.
KVKK - GDPR Consultancy & Compliance Services | Verisistem

Designing better ways to work through cutting-edge products, premium services and exceptional experiences that enable people to reach their full potential. HR, Talent, Benefits, Payroll and Compliance informed by data and designed for people.

Learn more at www.adp.com

Boss Yönetişim Hizmetleri A.Ş. is proud to be a local payroll partner of ADP in Turkey.

ADP, ADP logo and the slogan "Always Designing for PeopleTM" belong to the registered trademark of ADP, LLC.

Awards for CottGroup® Services

Service Exporters' Association 3rd Prize Winner
Ranked 4th among the Human Resources Management Software developers of Turkey
Ranked 7th as Consultancy Service Provider
Ranked 38th as Service Provider
Service Exporters' Association 3rd Prize Winner
Ranked 4th among the Human Resources Management Software developers of Turkey
Ranked 7th as Consultancy Service Provider
Ranked 38th as Service Provider

(*) Services Exporters' Association - 2019
(**) Bilişim 500 - 2019

Click for Other Awards

Let's Get Started.
Get a Quote for Your Service Needs.

I accept to receive newsletters, legislation, current news, new service suggestions, advertisements and announcements.

(*) I have explicit consent to the processing of my data within the framework of Online Visitor Clarification Text and Privacy Policy.

*Required Field

Send

Privacy Policy

CottGroup® companies network ("CottGroup®") includes independent companies with separate legal entities that provide various sections of this website and other websites in the CottGroup® member network; and this Personal Data Protection and Processing Policy applies separately for each CottGroup® member company.

This website you visited is affiliated with Boss Yönetişim Hizmetleri A.Ş. one of the CottGroup® member network companies.

Thank you for visiting our web site and reading our privacy and security statement.

Basic Information About Our Approach To Data Security And Privacy

CottGroup®’s network of companies (CottGroup®) has dedicated itself to ensuring the security of your personal data in all of its information systems. For CottGroup®, privacy and security matters form the basis of the relation between us and our customers. CottGroup® understands your particular concern about your confidentiality and security and place utmost importance on that matter.

CottGroup® consists of multiple independent members which provide various sections of the websites in CottGroup®’s network of members. Please click here to see our current member companies. New members to be added to the CottGroup®’s network of members in future will also be viewable by clicking the same link.

Information that you will be disclosing when using this web site may also be controlled by any other firm among the members of CottGroup®’s network in order to enable us to secure the control, inspection and security of the said data at the utmost level. Each independent member shall be legally liable for any data controlled and inspected by it.

CottGroup® Privacy Statement is applicable to all data processed by CottGroup®, including Personal Data collected or transmitted via our websites in CottGroup®’s network, our software and self-service applications, mobile applications or social media accounts and other online or off-line channels.

Protection of Personal Data

CottGroup® acts in the capacity of a data controller in line with KVKK no. 6698 and provisions of any other legislation applicable to the protection of personal data. Accordingly, personal data shall be processed only by CottGroup® personnel authorized to implement any privacy and security policy as well as services falling within the scope of duty of CottGroup®’s management office and the personnel named in the privacy and security authorization matrices, and those natural/legal persons authorized by CottGroup® for such purpose by fulfilling the condition of informing the data subjects. For details, please click the Personal Data Protection and Processing Policy.

Electronic Messages

Subject to communication consents provided by you during your communication with us regarding electronic (e-mail) messages and through any other CottGroup® channel, you will be deemed to have accepted to receive e-mail messages through your contact details, for the promotion of services offered by CottGroup® and its business partners, information on new products and services, announcements on issues regarding legislation, and other matters that may be of interest for you. In this respect, you may contact CottGroup® to request that messages are no longer sent to you through one or more than one communication channel.

Log Data, Cookies and Web Beacons

Cookies are program bits that are usually in the form of text files that may be embedded in laptops, desktop PCs and mobile devices, which collect various data.

Cookies may be used to collect the following data:

  • Internet Protocol (IP) address,
  • Domain name of the computer that you use for connecting to the website,
  • Date and time of your connection and the time you spend on the website.
  • Link of the page over which you connect our web site or the address of another CottGroup® website
  • Information about your computer, your browser’s brand, your operating system, Java support, flash version, your screen definition and connection speed and similar data,
  • Details of the page on the computer that is used for connection when a request is made from our web site,
  • Volume of the data in bytes, transferred on our website,
  • Contents of traceable cookies,
  • CottGroup® websites use temporary session cookies to render your online activities secure and to enhance the website performance;
  • Areas such as Login time, Username and User ID that are necessary for our software and self-service applications ("Applications");
  • Details of the URL over which the User has transmitted his last request through the Applications
  • Your browser’s language

Please click Cookie Policy for details.

Purpose of Using Your Data

We may use your personal data which we record during your visits to our website, via automated or non-automated means, or which you may disclose to us in communication forms, e-mails or via other electronic transactions, primarily for the purpose of satisfying your requests and subsequently for ensuring improvement of the services offered to you. Overall purposes of use of such data may be listed as follows:

  • To contact you,
  • To enable your access to the website or self-service options, by performing operations regarding your online account, including but not limited to the provision of a username and password,
  • To answer questions received from you,
  • To provide information about legislative changes and other important matters,
  • To ensure the administration of our website,
  • To improve our service quality.

Please do not disclose such data that you would not want us to collect for the purposes above. Please remember that unless you provide such data, we will be unable to contact you, and that your certain data may still be collected by means of cookies during your visit to this website.

Data Security

CottGroup® places utmost importance on the security of your data. CottGroup® places utmost importance on the security of your data. We take measures conforming to sector standards to prevent unauthorized collection and use of your data. Exchange of information on the İnternet is not generally secure. Therefore, we recommend you to exercise due care by user when exchanging information through our websites and online systems. If you don't take this care, CottGroup cannot guarantee you about security of your information and communication on the web-site or capture them by third parties.

When your information arrives at CottGroup®, it is protected in accordance with our security and privacy standards. Your data are stored for the purposes set out above and only for the durations required by the needs of our business process or as prescribed by law.

Data Transfer

We may transfer the personal information we collect about you to other countries different from the country we collect the data, as we use their services of the internet service providers, hosting companies, e-mail providers, domain providers (for example: Microsoft 365). Data protection laws and regulations applied in these countries may differ from the laws applicable in Turkey.

Hereby, we will protect your information in accordance with the applicable law as described in this Privacy Policy while transferring to other countries.

Protection for Children’s Online Activities

We support parents willing to supervise and control online activities of their children. In no event do we ask children on purpose to share their personal data. If we come to know that a person whose personal data are collected by us is younger than 13 years old, we may use such data to try to promptly inform his/her parents. This rule shall be applicable for age 16 under the European Union General Data Protection Regulation (GDPR).

Designing New Processes in Line With Privacy Rules

CottGroup® takes the most appropriate technological and organizational measures to ensure confidentiality when developing new systems and applies necessary developments for the processing of personal data in line with their intended purposes (Privacy by design).

Should you have any queries about this Privacy Policy, please click the link.

CottGroup® website: https://www.cottgroup.com

Online Visitor Clarification Text On The Processing Personal Data

Data Controller: Boss Yönetişim Hizmetleri A.Ş.

Address: Astoria Towers Büyükdere Cad. No: 127 B Kule Kat: 8 34394 Şişli, İstanbul, Türkiye

Boss Yönetişim Hizmetleri A.Ş. ("Company") prepared this Clarification Text as the data controller to inform you, our valuable online visitors, about your personal data that we process in accordance with the Law on the Protection of Personal Data (hereinafter referred to as "KVKK") and the relevant legislation.

1. Your Personal Data Processed and The Scope of The Processing

Personal data is any data that identifies you or makes you identifiable. For example, your name, surname, eye color, phone number or bank account information are considered personal data. On the other hand, processing your personal data refers to all kinds of processes such as obtaining, amending, registering, storing, retaining, deleting, disclosing, and transferring your data. We have provided the following information about the personal data we process:

ID Data

Your Processed ID Data Purposes of Processing
Your ID Data		 Collection Methods of
Your ID Data		 Legal Reasons Behind Our Data Processing Activities
  • Name
  • Surname
  • Execution of Customer Relationship Management Processes
  • Conducting Activities for Customer Satisfaction
  • Execution of Goods/Service Sales Processes
  • Online Electronic Forms
  • Contact Forms
  • It is required to process your personal data as a party to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms as a data subject.

Contact Data

Your Processed Contact Data Purposes of Processing Your Contact Data Collection Methods of Your Contact Data Legal Reasons Behind Our Data Processing Activities
  • Your contact data about your work (e-mail, address, phone number)
  • E-Mail Address
  • Address Information
  • Execution of Customer Relationship Management Processes
  • Conducting Activities for Customer Satisfaction
  • Conducting Communication Activities
  • Online Electronic Forms
  • Contact Forms
  • It is required to process your personal data as a party to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms as a data subject.

Customer Transaction Information

Your Processed Customer Transaction Information Purposes of Processing Your Customer Transaction Information Collection Methods of Your Customer Transaction Information Legal Reasons Behind Our Data Processing Activities
  • Request/Complaint Information
  • Execution of Customer Relationship Management Processes
  • Online Electronic Forms
  • Online Contact Forms
  • It is required to process your personal data as a party to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms as a data subject.

Transaction Security Information

Your Processed Transaction Security Information Purposes of Processing Your Transaction Security Information Collection Methods of Your Transaction Security Information Legal Reasons Behind Our Data Processing Activities
  • IP Address
  • Request Time and Date
  • Time zone Difference from Greenwich-mean-time (GMT)
  • Access Status/http Status Code
  • Amount of Data Transferred
  • Website to Which the Request Was Sent
  • Browser Information
  • Operating System and User Interface
  • Language and Version of the Scanner Software
  • Approximate Location Information
  • Execution of Customer Relationship Management Processes
  • Conducting Activities for Customer Satisfaction
  • Conducting Marketing Analysis Studies
  • Execution of Information Security Processes
  • Conducting Activities in Compliance with Legislation
  • Online Electronic Forms
  • Online Contact Forms
  • It is required to process your personal data as a party to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms as a data subject.

2. Our Retention Period for Storing Your Personal Data

We store your personal data for a period of time stipulated in the relevant legislation or for the periods of time required by the processing purposes. We will delete, destruct or anonymize your data by ex officio or upon your request, if legal reasons requiring data processing disappear.

3. Your Rights Regarding Your Personal Data

Data subject refers to the natural persons whose personal data are processed. As a data subject, you, our valuable online Visitors, have the following rights regarding your personal data processed under KVKK:

  • To learn whether your personal data are being processed,
  • To request information if your personal data are processed,
  • To learn the purpose of processing your personal data and whether this data are used for the intended purposes,
  • To know the third parties to whom this personal data is transferred domestically or abroad,
  • To request the rectification of the incomplete or inaccurate data, if there are any,
  • To request the deletion or destruction of this personal data under the conditions set forth in KVKK,
  • To request notification to the third parties that the personal data have been transferred to about the rectification of incomplete or inaccurate data and the deletion or destruction of personal data upon your request,
  • To object to the issues that have arisen due to the analysis of your data exclusively through automated systems and are to the detriment of you,
  • To request compensation for the damage arising from the unlawful processing personal data.

4. Methods To Follow to Exercise Your Rights

You can share your application and requests regarding your personal data with Boss Yönetişim Hizmetleri A.Ş. via Data Subject Application Form,

  • By sending it with your wet signature and a copy of your identity card to Astoria Towers Büyükdere Cad. No: 127 B Kule Kat: 8 34394 Şişli, İstanbul, Türkiye,
  • By sending an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • By applying in person with a valid identity document to Astoria Towers Büyükdere Cad. No: 127 B Kule Kat: 8 34394 Şişli, İstanbul, Türkiye

You, as a data subject, should include your name and surname, your signature if the application is in written form, your Turkish ID Number if you are a Turkish citizen, your nationality and passport number (or if you have an ID number) if you are foreigner, place of residence or business address for notifications, your e-mail address and fax number if you have one, and lastly, the subject of the request in your application with respect to legal requirements regarding the applications to data controllers. In addition, you should add documents and information confirming your identity to your application.

In order for us to operate the process in the most effective way for you, you should clearly and understandably indicate in your request which right you want to use and the details of the transaction you request.

We would like to emphasize that the request should concern the data subject itself. If the application is made on behalf of someone else, the person making the request should rely on a specially documented authorization for the requested transaction (power of attorney). Unauthorized applications will not be evaluated.

5. Evaluation of Your Application

By evaluating your applications, we respond to you as soon as possible and within 30 days of receipt as of the date of your application.

 

Our services continue..

Due to the Covid-19 Coronavirus pandemic to secure the health of our employees our business operations are held remotely until further notification. CottGroup® will have its business processes carried out efficiently and smoothly thanks to our BCP plans and strong technological infrastructure. As always, our customers and business partners will be able to reach us via our phones and e-mails.