As GRC LEGAL LAW FIRM (AV. MEHMET ŞAHİN) (“GRC LEGAL”), residing at “Kore Şehitleri Cad. Yzb. Kaya Aldoğan Sk. No:7/1 Zincirlikuyu Şişli/İstanbul” and registered with Istanbul-1 Bar Association, we pay the utmost attention to the security of your personal data. With this awareness we give a particular importance to process, preserve and delete the personal data of job applicants in accordance with Law no. 6698 (“the Law or KVKK”), secondary legislations (regulation, declaration, circular…) and binding resolutions of Personal Data Protection Committee. As a result of our sense of responsibility we, as the “Data Controller” process your personal data considering legal limitations and purposes mentioned below.

  1. Purposes of Processing Personal Data

GRC LEGAL, in accordance with legal boundaries and good faith, processes your data proportional and limited with below mentioned purposes:

  • To develop an advanced employment procedures,
  • To manage application, selection and position procedures,
  • To improve and maintain the policies of human resource,
  • To fill the employment gap of GRC LEGAL.
  • To recontact with you if your application receives approval.
  1. Transfer of Personal Data

Any kind of personal data you have provided to GRC LEGAL, are processed by only GRC LEGAL authorized units within the necessary data protection measures.

  1. Data Collection Methods and Legal Reasons of This Collection

Your personal data is collected by GRC LEGAL by means of automatic and non-automatic methods, under condition of being part of a data recording system, such as e-mail, phone, website and various forms or contracts and stored in oral, written or electronic media. In this context the personal information in your CV (name, surname, address, nationality, birthdate, sex, photo, education degree, phone number, e-mail address, attended courses, trainings and seminars, references), your suitability for work, your reasons for the rejection if the application receives rejection, etc. are processed in accordance with Article 5 § 2/d-e-f of the Law that allow  data processing if data is  made public by the data owner,  if the data processing is compulsory to establishing, exercising or protecting a right and if the data processing is compulsory for  legitimate interests of the Data Controller with the condition, not to violate fundamental rights and freedoms of the related person.


In addition, the responsibility for informing your references regarding the personal data of your references to GRC LEGAL and obtaining their explicit consent if necessary, belongs entirely to the applicant. It is essential that GRC LEGAL does not process your data other than your personal data, which will be sufficient to assess your suitability for work and position. Therefore, we recommend that you do not share your personal data other than those mentioned above in your applications and resumes and your suitability for the position, and especially your specially qualified personal data (such as health information, association, foundation, union membership, etc.).

  1. Rights of the Data Owners Under the Law

You can forward your requests under Article 11 of the Law “regulating the rights of the data subject” to the GRC LEGAL according to the “Communiqué on the Procedures and Principles of Application to the Data Controller”.