Here you can access most recent articles on legislative updates regarding Personal Data Protection Law, Social Security Law, Taxation Law, Occupational Health and Safety Law, Code of Obligations, Labor Law, Turkish Commercial Code, Law on Protection of the Value of Turkish Currency, Foreign Exchange Legislation, and Immigration Law in Turkey.
You can access the dates of the most recent international bilateral social security and double taxation treaties made between Turkey and other countries and relevant documents here.
CottGroup® is a leading holistic business service provider, that offers tailor made solutions to entities which have presences in Turkey in all field of operations by offering global solutions with the local knowledge and expertise it has. Just as in any other business operations you require assistance with, we are here to provide solutions and become your solution partner for local and global compliancy processes on Turkish Data Protection Law (TDPL / KVKK) and GDPR with our experienced consultant staff; offering the most accurate human – technology integration.
As of April 7, 2016, with the Turkish Data Protection Law being put in practice the entities in Turkey should have met the compliance requirements and be fully compliant with the Law in their operations. Thus, along with the local regulation, the entities in Turkey which are liable to GDPR, shall have met their obligations by May 25, 2018.
Considering the amount of workforce and dedication needs to be put in practice on the compliancy measures, we are here to become your solution partner by allowing you to save time and utilize your workforce in the most efficient way possible, considering the legal requirements were to be met yesterday as per to Laws' effective dates.
Our services can be provided for specific departments or units within your entity or if wished all departments can be unified and the service can be offered as a whole package to your presence in Turkey. Thus, if you are an organization that is also responsible from GDPR compliancy measures, we can offer tailor made solutions; similar to our other outsourcing services.
Our main service solutions are:
Our service is rendered with cooperation of the CottGroup® Project Team and your entity’s Project Group. The service to be provided includes full legal and technical consultancy along with the measures needs to be taken within the scope of full compliancy along with identifying and outlining policies and procedures on data deletion (anonymization, masking, pseudonymization, etc.), creating; company cookie and privacy policies, data deletion manuals and processes, data transfer and information protocols, consent documents, data inventory preparation, local data records information system (VERBIS) registration.
Once the service is completed, we provide your company a risk audit report and legal compliancy report. With the reports to be provided we guarantee you that your entity has successfully completed the necessary legal measures in regards the data protection regulations and is fully compliant with the either or both GDPR and KVKK regulations.
Our consultancy service includes;
GDPR and KVKK regulations, regardless of making it mandatory for compliance, are not clear on how the compliance is to be practiced and therefore leave a gap for the implementation in technical and administrative processes.
CottGroup® stands out from the other consulting agencies and law firms, at the standpoints on knowledge, expertise and technical infrastructure. As most consultants in the sector focus on the legal aspect of the implementation and compliancy, CottGroup® acts as your solution partner with the know-how on both legal and technological means all through the process. On our daily operations, due to the nature of being a BPO (Business Process Outsourcing) vendor, we receive, process and manage great volume of sensitive and personal data. Especially, contrary to the other vendors in the market we chose to manage and maintain our data center internally and we are not willing to outsource it which led us to maximize the data security by precluding any third-party to access data.
Our services are to be rendered in the smoothest operational processes with our expertise and differences mentioned above, especially on whilst forwarding your queries on informatics and relevant processes to our experts. With CottGroup®'s experienced support solutions of our consultant staff, we allow efficiency in the shortest amount of time. Our aim is to enhance and elaborate the principle of transparency and security in the field by sharing our technical knowledge with our clients.
Designing better ways to work through cutting-edge products, premium services and exceptional experiences that enable people to reach their full potential. HR, Talent, Benefits, Payroll and Compliance informed by data and designed for people.
Learn more at www.adp.com
ADP, ADP logo and the slogan "Always Designing for PeopleTM" belong to the registered trademark of ADP, LLC.
Let's Get Started.
Get a Quote for Your Service Needs.
CottGroup® companies' network ("CottGroup®") includes independent companies with separate legal entities that provide various sections of this website and other websites in the CottGroup® member network; and this Personal Data Protection and Processing Policy applies separately for each CottGroup® member company.
Thank you for visiting our website and reading our privacy and security statement.
Basic Information About Our Approach to Data Security and Privacy
CottGroup®'s network of companies (CottGroup®) has dedicated itself to ensuring the security of your personal data in all of its information systems. For CottGroup®, privacy and security matters form the basis of the relation between us and our customers. CottGroup® understands your particular concern about your confidentiality and security and place utmost importance on that matter.
CottGroup® consists of multiple independent members which provide various sections of the websites in CottGroup®'s network of members. Please click here to see our current member companies. New members to be added to the CottGroup®'s network of members in future will also be viewable by clicking the same link.
Information that you will be disclosing when using this website may also be controlled by any other firm among the members of CottGroup®'s network in order to enable us to secure the control, inspection and security of the said data at the utmost level. Each independent member shall be legally liable for any data controlled and inspected by it.
CottGroup® Privacy Statement is applicable to all data processed by CottGroup®, including Personal Data collected or transmitted via our websites in CottGroup®'s network, our software and self-service applications, mobile applications or social media accounts and other online or off-line channels.
Protection of Personal Data
CottGroup® acts in the capacity of a data controller and data processor in line with the Turkish Personal Data Protection Law (KVKK) no. 6698 and provisions of any other legislation applicable to the protection of personal data. Accordingly, personal data shall be processed only by CottGroup® personnel authorized to implement any privacy and security policy as well as services falling within the scope of duty of CottGroup®'s management office and the personnel named in the privacy and security authorization matrices, and those natural/legal persons authorized by CottGroup® for such purpose by fulfilling the condition of informing the data subjects. For details, please click the Personal Data Protection and Processing Policy.
Subject to communication consents provided by you during your communication with us regarding electronic (e-mail) messages and through any other CottGroup® channel, you will be deemed to have accepted to receive e-mail messages through your contact details, for the promotion of services offered by CottGroup® and its business partners, information on new products and services, announcements on issues regarding legislation, and other matters that may be of interest for you. In this respect, you may contact CottGroup® to request that messages are no longer sent to you through one or more than one communication channel.
Log Data, Cookies and Web Beacons
Cookies are program bits that are usually in the form of text files that may be embedded in laptops, desktop PCs and mobile devices, which collect various data.
Cookies may be used to collect the following data:
Purpose of Using Your Data
We may use your personal data which we record during your visits to our website, via automated or non-automated means, or which you may disclose to us in communication forms, e-mails or via other electronic transactions, primarily for the purpose of satisfying your requests and subsequently for ensuring improvement of the services offered to you. Overall purposes of use of such data may be listed as follows:
Please do not disclose such data that you would not want us to collect for the purposes above. Please remember that unless you provide such data, we will be unable to contact you, and that your certain data may still be collected by means of cookies during your visit to this website.
CottGroup® places utmost importance on the security of your data. CottGroup® places utmost importance on the security of your data. We take measures conforming to sector standards to prevent unauthorized collection and use of your data. Exchange of information on the İnternet is not generally secure. Therefore, we recommend you exercise due care by user when exchanging information through our websites and online systems. If you do not take this care, CottGroup® cannot guarantee you about security of your information and communication on the website or capture them by third parties.
When your information arrives at CottGroup®, it is protected in accordance with our security and privacy standards. Your data are stored for the purposes set out above and only for the durations required by the needs of our business process or as prescribed by law.
We may transfer the personal information we collect about you to other countries different from the country we collect the data, as we use their services of the internet service providers, hosting companies, e-mail providers, domain providers (for example: Microsoft 365). Data protection laws and regulations applied in these countries may differ from the laws applicable in Turkey.
Protection for Children's Online Activities
We support parents willing to supervise and control online activities of their children. In no event do we ask children on purpose to share their personal data. If we come to know that a person whose personal data are collected by us is younger than 13 years old, we may use such data to try to promptly inform his/her parents. This rule shall be applicable for age 16 under the European Union General Data Protection Regulation (GDPR).
Designing New Processes in Line with Privacy Rules
CottGroup® takes the most appropriate technological and organizational measures to ensure confidentiality when developing new systems and applies necessary developments for the processing of personal data in line with their intended purposes (Privacy by design).
CottGroup® website: https://www.cottgroup.com
Online Visitor Clarification Text On The Processing Personal Data
Data Controller: Boss Yönetişim Hizmetleri A.Ş.
Address: Astoria Towers Büyükdere Cad. No: 127 B Kule Kat: 8 34394 Şişli, İstanbul, Türkiye
Boss Yönetişim Hizmetleri A.Ş. ("Company") prepared this Clarification Text as the data controller to inform you, our valuable online visitors, about your personal data that we process in accordance with the Law on the Protection of Personal Data (hereinafter referred to as "KVKK") and the relevant legislation.
1. Your Personal Data Processed and The Scope of The Processing
Personal data is any data that identifies you or makes you identifiable. For example, your name, surname, eye color, phone number or bank account information are considered personal data. On the other hand, processing your personal data refers to all kinds of processes such as obtaining, amending, registering, storing, retaining, deleting, disclosing, and transferring your data. We have provided the following information about the personal data we process:
|Your Processed ID Data||Purposes of Processing
Your ID Data
|Collection Methods of
Your ID Data
|Legal Reasons Behind Our Data Processing Activities|
|Your Processed Contact Data||Purposes of Processing Your Contact Data||Collection Methods of Your Contact Data||Legal Reasons Behind Our Data Processing Activities|
|Your Processed Contact Data||Purposes of Processing Your Contact Data||Collection Methods of Your Contact Data||Legal Reason of Our Data Processing Activities|
Customer Transaction Information
|Your Processed Customer Transaction Information||Purposes of Processing Your Customer Transaction Information||Collection Methods of Your Customer Transaction Information||Legal Reasons Behind Our Data Processing Activities|
Transaction Security Information
|Your Processed Transaction Security Information||Purposes of Processing Your Transaction Security Information||Collection Methods of Your Transaction Security Information||Legal Reasons Behind Our Data Processing Activities|
2. Our Retention Period for Storing Your Personal Data
We store your personal data for a period of time stipulated in the relevant legislation or for the periods of time required by the processing purposes. We will delete, destruct or anonymize your data by ex officio or upon your request, if legal reasons requiring data processing disappear.
3. Your Rights Regarding Your Personal Data
Data subject refers to the natural persons whose personal data are processed. As a data subject, you, our valuable online Visitors, have the following rights regarding your personal data processed under KVKK:
4. Methods To Follow to Exercise Your Rights
You can share your application and requests regarding your personal data with Boss Yönetişim Hizmetleri A.Ş. via Data Subject Application Form,
You, as a data subject, should include your name and surname, your signature if the application is in written form, your Turkish ID Number if you are a Turkish citizen, your nationality and passport number (or if you have an ID number) if you are foreigner, place of residence or business address for notifications, your e-mail address and fax number if you have one, and lastly, the subject of the request in your application with respect to legal requirements regarding the applications to data controllers. In addition, you should add documents and information confirming your identity to your application.
In order for us to operate the process in the most effective way for you, you should clearly and understandably indicate in your request which right you want to use and the details of the transaction you request.
We would like to emphasize that the request should concern the data subject itself. If the application is made on behalf of someone else, the person making the request should rely on a specially documented authorization for the requested transaction (power of attorney). Unauthorized applications will not be evaluated.
5. Evaluation of Your Application
By evaluating your applications, we respond to you as soon as possible and within 30 days of receipt as of the date of your application.