Legal and privacy

Policy of protection and processing of personal data persuant to the law numbered 6698 on protection of personal data

I. ABOUT THE POLICY

We, as Mazars Denge[1] (the “Company”), take the security of and our legal responsibilities around your personal data very seriously.  Therefore, we attribute a great importance to the processing and protection of the personal data, in accordance with the Law numbered 6698 on Protection of Personal Data (“KVKK”), belonging to all the natural persons having a relation with the Company.

[1] Denge Akademi Yönetim ve Yatırım A.Ş.; Denge Bağımsız Denetim S.M.M.M. A.Ş.; Denge Denetim Yeminli Mali Müşavirlik A.Ş; Denge İstanbul Y.M.M. A.Ş.; Denge Serbest Muhasebe Mali Müşavirlik A.Ş; Denge Akademi Yönetim ve Yatırım A.Ş., Denge Ege Serbest Muhasebe Mali Müşavirlik A.Ş.; Denge G. Antep V.D.; Denge Ankara Bağımsız Denetim Yeminli Mali Müşavirlik A.Ş; Denge Başkent Serbest Muhasebeci Mali Müşavirlik A.Ş.; Denge Bursa Yeminli Mali Müşavirlik Ve Denetim A.Ş.; Denge Bursa Serbest Muhasebeci Mali Müşavirlik A.Ş.; Denge Batı Denizli Serbest Mali Müşavirlik A.Ş.

The purpose of Policy of Protection and Processing Of Personal Data pursuant to the Law Numbered 6698 on Protection of Personal Data (the “Policy”) herein is to provide information and explain the Data Subject’s rights in accordance with KVKK and its related in force secondary legislations in order to protect the fundamental rights and liberties of the natural persons, notably the right of privacy, in processing and transferring of the personal data belonging to natural persons with whom the Company has a relation while sustaining its commercial life.

The Policy herein aims also to explain the purposes of and the legal grounds for processing, transferring personal data as well as methods of collection therefor, within the scope of KVKK and its related secondary legislations.

The Company reserves the rights to amend the Purposes of Processing, Legal Grounds, Methods of Collection and Transferring of Personal Data and Policy of Protection and Processing of Personal Data.

When amending the Policy, for example based on, but not limited to, new legal requirements the text herein shall be published on our website, with its most up-to-date version.

II. DEFINITIONS

For the definitions and terms used in the Policy, the meanings defined in KVKK and in secondary legislations enacted within this scope shall be applied. In this context:

  • Explicit Consent: Freely given, specific and informed consent.
  • Data Subject: The natural person, whose personal data is processed.
  • Personal Data: All the information relating to an identified or identifiable natural person.
  • Processing of Personal Data: Any operation performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means.
  • Data Processor: The natural or legal person who processes personal data on behalf of the Data Controller, based on his authorization.
  • Data Controller: The natural or legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.

III. DATA SUBJECTS

The Company may collect and process personal data from:

  • Our clients, shareholders, suppliers, business contacts and potential clients (and/or from natural persons associated with them) and any other partners;
  • Natural Persons whose personal data we obtain in connection with providing professional services to our clients (e.g. our client's employees, customers and suppliers, our clients' government agency contact persons, and other advisors to the Data Subject);
  • Our employees, former employees, employees' family members and job applicants;
  • The visitors to our website and social media.

IV. DATA CONTROLLER

The Company, acting as the Data Controller, can process, record, save, rearrange, transmit in domestic or abroad your personal data, to the extent allowed by KVKK and within the scope of our commercial or business relations and based on the Data Subject’s consent, if required.

V. METHODS FOR COLLECTING PERSONAL DATA AND LEGAL GROUNDS

The Company may collect or obtain personal data because you give it to us, because other people give that data to us (e.g. our clients about their employees, customers, clients and other Data Subjects whose personal data they collect; other advisors to the Data Subject; government agencies; or third party service providers that we use to help operate our business etc.), through your connection to our Wi-Fi network, through our website and social media tools, or because it is publicly available.

Due to the fulfilment of legal requirements, performance of our contractual obligations, legitimate interests of the Company and other purposes and reasons mentioned below, we collect and maintain your personal data, as limited to the prescriptions provided by the legislation, through the automatic or non-automatic methods and sources such as:

  • Calls between you and all service units of the Company;
  • Applications made to our Company, in writing, verbally or electronically;
  • Subsidiaries, affiliates and third parties with whom we are in a close relation;
  • Meetings and congresses;
  • Governmental Agencies;
  • Third party service providers that we use to help operate our business;
  • Applications made via internet, SMS channels, social media;
  • Other companies providing supporting services;
  • Natural and/or legal persons, with whom a transaction is performed within the scope of any kind of legislation or contract;
  • Records shared with PTT, SSI and insurance companies within the scope of private health insurance;
  • Publicly available.

Apart from these, in case you use our website and agree, we also collect your personal data through the cookies in our website, as per our Cookie Policy (please see Chapter XI “Cookie Policy”).

VI. PROCESSED PERSONAL DATA

The personal data collected and processed by the Company, may differ according to the nature of the commercial and legal relation that you have with the Company.

However, we would like to state but not limited to the following data categories: your personal data such as your identity information, contact information, financial information, personal data of a special category, educational and visual information, your relatives’ data. This data can be processed in conformity with the conditions mentioned in Article 5 and 6 of the KVKK, according to the purpose for which it is required to be processes, and restricted only to this purpose, provided that data is up to date, where necessary.

IDENTITY INFORMATION

Name, surname, date of birth, age, country of birth, city of birth, gender, marital status, nationality, information of TR identity card, previous surname, copy of identity card, et seq.

CONTACT INFORMATION

Telephone number, information of mailing address, e-mail address, telephone number of the company, extension number, e-mail address of company, information of social media accounts et seq.

PERSONAL DATA OF SPECIAL CATEGORIES

In case obtained, information which are personal data of special category pursuant to the definition in KVKK.

For certain services or activities, and when required by law or based on the natural person's explicit consent, we may also collect special categories of personal data.

VISUAL AND AUDIO DATA

Photographs, images, camera records and audio records et seq.

FINANCIAL INFORMATION

Invoice, credit card debt, interest rate, tax amount, debts and balanced credits, IBAN information, other account information et seq.  which shows the financial result of the transactions effectuated by the Data Controller.

ELECTRONICAL DATA

Membership records, information on web passwords and codes, IP address, information on transaction security, logs et seq.

CUSTOMER INFORMATION

Customer’s claims, orders, instructions, complaints, product portfolio, likes, cookies records, Customer number, occupation, education information et seq.

MARKETING INFORMATION

Data obtained within the scope of the statistic, assessment and reporting activities, surveys, customer satisfactions forms, promotion and marketing activities et seq. to be made in line with the likes and interests of the relevant person.

LEGAL RECORDS

Data stated in the decisions of Court or Administrative Bodies and documents of Execution Directorates.

SECURITY INFORMATION

Information on the entrance to and exit from the workplace, interview records, visiting times and other detailed information, camera records et seq.)

CANDIDATES INFORMATION

Curriculum Vitae, interview notes, test results, habits, et seq.

OTHER DATA

Records and documents et seq. which must be submitted within the scope of audit activities.

VII. PURPOSES OF PROCESSING PERSONAL DATA

The company processes personal data until the statutory prescriptions for the following purposes:

A. FULFILMENT OF STATUTORY REQUIREMENTS

  • Complying with any requirement of law, regulation or a professional body of which we are a member of;
  • As any other provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
  • Executing the orders of judicial, administrative and legal authorities as well as execution directorates;
  • Executing the audit services for the Company.

B. PERFORMANCE OF OUR CONTRACTUAL OBLIGATIONS

We process personal data in order to deliver those services to our (potential) clients, which could be the Data Subject himself, the Data Subject’s employer or the Data Subject’s contracting party. 

C. LEGITIMATE INTEREST OF THE COMPANY

  • Directing, managing and developing our businesses and services;
  • We process personal data in order to run our business, including managing the relationship with our clients, sending service proposals to potential clients containing our employees’ credentials, meeting our own administrative, accounting and corporate obligations, maintaining and using our IT systems, developing our businesses and services, hosting events, managing our systems and applications;
  • Processing personal data about our suppliers, subcontractors and natural persons associated with our suppliers and subcontractors in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients;
  • Ensuring the personal data is up to date;
  • Providing for security, quality and risk management: protecting our own and our client’s information and within the scope of internal quality and risk analysis;
  • Evaluating the customer satisfaction and service quality;
  • Procuring communication with the purpose of celebrating and greeting;
  • Executing processes and operations like finance operations, communications, market research, purchasing operations (request, proposal, evaluation, order, budgeting, contracts), information back-up, in order to determine and apply the Company’s business strategies.

D. ESTABLISHMENT OF LEGAL AND COMMERCIAL SECURITY OF PEOPLE WHO HAVE BUSINESS RELATION WITH OUR COMPANY

  • Fulfilling the statutory requirement to provide information to the competent authorities;
  • Fulfilling legal transactions;
  • Identifying control of the visitors with the purpose of security and procurement of the visitor card.

E. ESTABLISHMENT OF THE COMMUNICATION AND OPERATIONS REGARDING THE COMMUNICATION

  • Establishing communication with the relevant persons;
  • Keeping the data of the relevant person up-to-date.

F. EXECUTION OF HUMAN RESOURCES POLICIES

  • Collecting data with the purpose of employment; this includes also the CVs received within the Human Resources Department by email or through different social media channels;
  • Completing the recruitment process;
  • Evaluating possible candidates;
  • Performing human resources operations in line with the human resources policies and to carry out obligations in the framework of Occupational Health and Safety;
  • Performing our obligations resulting from labour contracts and/or legislation (for the Company employees).

G. ENTREPRENEURSHIP, SUSTAINABILITY, SOCIAL RESPONSIBILITY, INNOVATION, CONFIDENTIALITY, RISK MONITORING, MODELLING, REPORTING, SCORING, SECURITY, EVALUATION ACTIVITIES

  • Evaluating, planning and executing sales and marketing activities regarding our products and services;
  • Executing our sustainability endeavours;
  • Diversifying our services within the Company;
  • Developing customer relations;
  • Planning and executing the sustainability and social responsibility projects.

H. DIRECT MARKETING

  • Promoting and developing our services, providing you with information that we think will be of interest to you and sending you invitations to our events.

VIII. PERSONAL DATA TRANSFER

In order for our Company to be able to fulfil its obligations arising from respective legislations including but not limited to the Code of Obligation, Commercial Code, Procedural Code of Tax, Law on Identity Declaration, Law on Protection of Personal Data your personal data may be transferred to the third parties, in accordance with conditions stipulated in Article 8 and 9 of KVKK, within the framework of applicable statutory restrictions.

It is also possible to transfer data without consent under the circumstances stated in Articles 5 and 6 of KVKK. The Company may transfer personal data to third parties in Turkey and to the entities under Group Companies with the  condition that it is transferred in accordance with KVKK and other relevant legislation, taking all the safety measures defined by the regulations and unless there is a clause stating the contrary in the Law, other relevant legislation, or, if applicable, the contract signed with the Data Controller based on the Data Subject’s consent, if required.

In addition, by obtaining your explicit consent when an explicit consent is required, we may transfer your personal data to the companies, producers, intermediary service providers which include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, IT systems maintenance as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing equipment, security camera records logged in order to ensure the physical security within our company, with other Mazars member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving Mazars member firms in different countries) and visitors / employees entry-exit control in the responsibility building management, legal services and legal support.

The transfer of your personal data abroad can only be made if you provide your explicit consent or if there is no such an explicit consent obtained from your side, within the framework provided by the law, if there is adequate protection as per the decision of the Board of Personal Data Protection in the country where the data are transferred.

If there is no such adequate protection, the data transfer will be performed only provided that our Company and the Data Controller in the relevant foreign country together undertake in a written form, to procure the adequate protection and the Authority gives the permission in this regard.

When we transfer your information, we provide adequate protection for the transfer of your personal information to recipients in those countries by entering into data transfer agreements based on the KVKK standards clauses with such data recipients.

IX. RETENTION OF PROCESSING

We will hold your personal data on our systems for the longest of the following periods: (i) as long as is necessary for the purpose of which it was collected; (ii) any prescription or retention period that is required by law; or (iii) the end of the liability period in which litigation or investigations might arise in respect of our services.

After the applicable retention period(s) have expired, personal data will be destroyed or anonymized.

X. DATA SECURITY

We ensure that appropriate technological and organisational controls are in place to protect your personal data from loss, misuse, alteration or unintentional destruction, as per Article 12 of KVKK.

Our personnel who have access to your personal data have been trained to maintain the confidentiality of such data.  They will only be granted access to your personal data to the extent that they need this information to perform their duties properly. The persons who can consult your data are also bound by strict professional discretion.

Regular monitoring and testing of our security defences is carried out to ensure they continue to be effective against the latest threats.

XI. COOKIE POLICY

Navigation on our website may result in cookies being sent to your computer. Cookies are small text files that are placed on your computer by the websites that you visit. For further details, please consult our Cookie Policy: https://eng.mazars.com.tr/Cookies-information .

XII. CCTV (CLOSE CIRCUIT TELEVISION)

We operate a CCTV surveillance system throughout the workplace estate, with images being monitored and recorded centrally. The respective system is owned and managed by the Company and operated by the IT department.

CCTV is used for maintaining public safety, the security of property and for preventing and investigating crime. It may also be used to monitor staff when carrying out work duties on occupational environment.

Where necessary or required this information is shared with the Data Subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.

XII.       YOUR RIGHTS

Pursuant to KVKK, through an application to the data controller, you are entitled to:

  • be informed whether your data is being processed,
  • request information if it is processed,
  • learn the purpose of any processing of your personal data and whether it is being used in compliance with that purpose,
  • be informed of any third parties residing within the country or overseas to whom the data is transferred,
  • request adjustment if the personal data is processed incorrectly or in an incomplete manner,
  • request deletion or elimination of your personal data within the scope of the conditions laid out in Article 7 of KVKK,
  • request that unrelated persons are informed of the actions carried out as per your right to request adjustment, deletion or elimination,
  • object to a conclusion found against you as a result of analysing and processing your personal data exclusively through automated systems,
  • request compensation if you suffer any loss should your personal data be unlawfully processed.

The Company will handle all applications of your Data Subject rights in accordance with the requirements of KVKK and its related in force secondary legislations.  Should you wish to exercise any of your Data Subject rights please contact us in writing or electronically at our KEP e-mail addresses detailed below or to privacy@mazarsdenge.com.tr, with the subject line “Personal Data Information Request”, using this Application Form (can be found at [link ]), via the email address which was reported and it is currently stored in our system or using an electronic or mobile signature defined in Electronic Signature Law No.5070.

Name of the Company

Mersis Number

KEP Address

Denge İstanbul Y.M.M. A.Ş.

0291081988800015

denge.dis@hs03.kep.tr

Denge Denetim Y.M.M. A.Ş.

0291001190200016

denge.ddh@hs03.kep.tr

Denge Bağımsız Denetim S.M.M.M. A.Ş.

0291001299500019

denge.dbd@hs03.kep.tr

Denge Serbest Muhasebe Mali Müşavirlik A.Ş.

0291001338900017

denge.dsm@hs03.kep.tr

Denge Akademi Yönetim ve Yatırım A.Ş.

0291078838300010

denge.dyy@hs03.kep.tr

Denge Ege Serbest Muhasebe Mali Müşavirlik A.Ş.

0291082424600019

denge.ege@hs03.kep.tr

Denge Gaziantep YMM ve Denetim A.Ş.

0291081306800019

dengegaziantepyeminli@hs03.kep.tr

Denge Ankara Bağımsız Denetim Yeminli Mali Müşavirlik A.Ş.

0291001161900011

dengeankara@hs01.kep.tr

Denge Bursa Yeminli Mali Müşavirlik Ve Denetim A.Ş.

0291079433200044

dengebursaymm@hs06.kep.tr

Denge Bursa Serbest Muhasebeci Mali Müşavirlik A.Ş.

0291081356500011

dengebursasmmm@hs06.kep.tr

 

The Data Subjects should fill in the Data Subject Access Request Form (can be found at [link ]) and send a signed copy through a notary to Hürriyet Mah. Dr. Cemil Bengü Cad., Hak İş Merkezi No: 2 Kat 1–2, 34403 Çağlayan, İSTANBUL, TURKEY, or electronically to privacy@mazarsdenge.com.tr. For third persons to apply on behalf of the Data Subjects, the Data Subject must submit a duly power of attorney.

XIII. CHILDREN AND OUR WEBSITE

The Company understands the importance of protecting children's privacy, especially in an online environment. Our sites are not intentionally designed for or directed at children. It is our policy never to knowingly collect or maintain information about anyone under the age of 18 through our websites. If you are under 18 years of age you must obtain the consent of a parent or guardian to submit information via our website. Please ask them to review this information before you communicate with us. 

 Version of the Policy and the date of last update: V.1.1 – 11.04.2019

Version number

Publishing date

Changes

V1

23.01.2019

Creation

V1.1

11.04.2019

Including “sending service proposals to potential clients containing our team’s credentials” as legitimate interest

__________________________________________________________________________________________________

OTHER LEGAL TOPICS

Copyright Notice

All the content of this website are © Mazars Group and Mazars (Denge Denetim Yeminli Mali Musavirlik A.S).

General Conditions of Use

This service is for personal use only. It is strictly prohibited to circulate or reproduce all or part of the content for other purposes, in any form whatsoever. Failure to comply with this rule will be treated as infringement of copyright and civil or legal proceedings may be instigated against the person or entity responsible.
The information available on the website is not subject to contract and may be altered without warning. The services mentioned on the website may differ from the stated form or be unavailable outside the following country: Turkey. The website should not under any circumstances be treated as an advisory or consulting service. 
Mazars cannot be held responsible for any problems caused by consulting or using the website. Hypertext links provide access to sites run by third parties, over which Mazars has no control. Mazars disclaims all responsibility for the content of these sites.

[1] Denge Akademi Yönetim ve Yatırım A.Ş.; Denge Bağımsız Denetim S.M.M.M. A.Ş.; Denge Denetim Yeminli Mali Müşavirlik A.Ş; Denge İstanbul Y.M.M. A.Ş.; Denge Serbest Muhasebe Mali Müşavirlik A.Ş; Denge Akademi Yönetim ve Yatırım A.Ş., Denge Ege Serbest Muhasebe Mali Müşavirlik A.Ş.; Denge G. Antep V.D.; Denge Ankara Bağımsız Denetim Yeminli Mali Müşavirlik A.Ş; Denge Başkent Serbest Muhasebeci Mali Müşavirlik A.Ş.; Denge Bursa Yeminli Mali Müşavirlik Ve Denetim A.Ş.; Denge Bursa Serbest Muhasebeci Mali Müşavirlik A.Ş.; Denge Batı Denizli Serbest Mali Müşavirlik A.Ş.