Your personal data may be processed by Boden Attorney Partnership (“Boden“) as the data controller within the framework of the Personal Data Protection Law No. 6698 (“KVKK“) within the scope specified below.
Methods and Types of Collecting Personal Data
Depending on your relationship with Boden, your personal information may be obtained directly from you, from our Clients, suppliers, public authorities and from generally accessible sources. The types of personal data we may obtain through these sources are summarized below:
| Category of Personal Data | Personal Data |
| Identity | Name, surname |
| Contact | Data types such as phone number, postal address, email address and contact details |
| Registration | Data types such as newsletter requests, webinar and seminar registration information |
| Client service | Personal information about clients or types of data received from clients, third parties, such as billing details, payment history and client feedback information |
| Risk management | Document types such as official information, passports or other identity documents, AML/CTF screening records |
| Device | Types of information such as IP address, unique device identifier, other data associated with the device and data about the use of our website |
Purposes and Legal Basis for Processing Your Personal Data
Boden may process your personal data based on the personal data processing conditions specified in Article 5 of the KVKK within the framework of the following purposes and legal reasons.
| Category of Personal Data | Processing Purposes of Personal Data | Legal Grounds |
| Identity, contact, registration, client services and device data | Registering you or your organization as a client; Providing and managing legal services or other solutions in accordance with your or your organization’s instructions; Representing our clients and conducting litigation processes in accordance with the instructions given. | The processing of personal data of the parties to a contract is based on a legal ground, provided that it is directly related to the conclusion or performance of the contract. Another legal ground for this processing is that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. |
| Identity, contact, registration, client services and device data | Managing our business activities, including analyzing and improving our services and communication with our Clients, monitoring compliance with our policies and standards; managing our business relationships with our Clients and managing invoicing and payment transactions. | Provided that it is directly related to the conclusion or performance of a contract, it is based on the legal ground that the processing of personal data of the parties to the contract is necessary. Likewise, the mandatory processing of these data in order for the data controller to fulfil its legal obligation is evaluated within the framework of the same legal reason. Another legal basis for this processing is that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. |
| Identity, contact, registration, client services and device data | To ensure the security and effectiveness of our website and information technology systems; to protect the security of our technical infrastructure and communication in order to prevent and detect security threats, frauds or other criminal or malicious activities; provided that it does not harm the fundamental rights and freedoms of the person concerned, it is based on the legal reason that data processing is mandatory for the legitimate interests of the data controller. | It is based on the legal reason that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. |
| Identity, contact and registration data | Providing information on legal updates | Based on your explicit consent; It is based on the legal reason that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. |
| Identity, contact, registration, client services and device data | For compliance procedures (including, for example, anti-money laundering and anti-financing of terrorism regulations, trade sanctions and embargo laws) and to comply with our legal obligations regarding record retention (including Law No. 5651 and tax regulations) | The processing is based on the legal justification of the processing if it is expressly provided for by law and is necessary to comply with a legal obligation to which the data controller is subject. |
Recipient Parties and Purposes for Transferring Personal Data
Your personal data may be transferred in accordance with the data processing conditions determined by the Law and the rules on the transfer of personal data regulated in Article 5 of the KVKK and described in Articles 8 and 9. During the cross-border transfer of your data, we take all necessary measures to use, share and protect this data as specified in the Privacy Statement.
| Recipient Parties | Purposes for Transferring |
| Our partners (global law firms and business partners that collaborate with Boden) | To provide you with legal services and manage our relationship with you |
| Our suppliers and service providers include organizations providing services in various fields, such as providers of infrastructure and IT services, providers of account systems and HR systems, or third-party consultants. It may also include other legal experts such as mediators, experts, translators, couriers and other necessary organizations. | In order to manage our business activities |
| Our client (if we have collected your data from you or another client by providing legal services) | Where permitted by law, to provide these services to others |
| Companies providing services under anti-money laundering and counter-money laundering and terrorist financing regulations, trade sanctions and embargo laws, and companies providing similar services, such as financial institutions, credit reference agencies and regulators, with whom such personal data is shared. | Within the framework of compliance procedures |
| Courts, law enforcement agencies, regulators, government authorities or lawyers or other parties. | For the establishment, exercise or defence of a legal claim or for the purposes of a confidential alternative dispute resolution process |
| Legally authorized public bodies and legally authorized private bodies. | In order to fulfil our obligations arising from the legislation. |
Rights of Individuals Pursuant to Article 11 of the KVKK
Data subjects have the following rights under Article 11 of the KVKK:
- To learn whether the data concerning him/her is being processed or not,
- Request more information about the personal data processed,
- To learn the purpose of processing personal data and whether it is used in accordance with this purpose,
- Learn about third parties to whom data is disclosed domestically or abroad,
- To request correction of incomplete or incorrectly processed personal data and to request notification of the transaction made within this scope to third parties,
- To request the deletion or destruction of personal data for reasons that do not require their processing, even though they have been processed in accordance with the law, and to request notification of this process to third parties,
- Challenge decisions made through automated systems,
- To request compensation for damages incurred due to an unlawful transaction.
In case the requests regarding these rights are sent to info@boden-law.com, these requests will be evaluated within thirty days. Requests are finalized free of charge in principle. However, Boden reserves the right to demand the fee in the tariff determined by the Personal Data Protection Board.