As GRC LEGAL LAW FIRM (AV. MEHMET ŞAHİN) (“GRC LEGAL”), residing at “Kore Şehitleri Cad. Yzb. Kaya Aldoğan Sk. No:7/1 Zincirlikuyu Şişli/İstanbul” and registered with Istanbul-1 Bar Association, we pay utmost attention to the security of your personal data. With this awareness, we attribute great importance to process and store personal data of real persons who work as insured, who work with us as natural person, all our clients at the GRC LEGAL, in compliance with Law no. 6698 (“the Law or KVKK”), secondary legislations (regulation, declaration, circular…) and binding resolutions of Personal Data Protection Committee. With this cognizance, we, as the data controller in accordance with the Law, process your personal data in compliance with following descriptions and within the limits of legislation.

  1. Personal Data Processing Purposes

Your personal data shall be processed within the limits specified in the Law, in a limited and measured manner in accordance with the law, honesty rules and always related to the purposes of; carrying out the necessary activities by GRC LEGAL business-development department to conduct commercial-client operations of the GRC LEGAL in compliance with legislation and legal policies; determining, planning and performing GRC LEGAL’s short, medium and long term business policies and core values; planning and performing human recourses operations of the GRC LEGAL; fulfilling of obligations arising from applicable legislation; managing client relations and corporate communications and ensuring commercial and legal security of legal and real persons who are in a business relation with us.

  1. Transferring Personal Data

Your personal data are transferred within the purposes mentioned above in compliance with the conditions specified in Article 8 and 9 of the Law to; legally authorized public institutions, judicial and administrative authorities, private legal and real persons empowered by other legislation, institutions and organizations authorized to supervise the GRC LEGAL, contracted paying agencies to fulfill the payments and financial obligations, business partners who are in league with the GRC LEGAL and service providers for managing and develop GRC LEGAL operations within the scope and limited of Legal Profession Law no 1136.

  1. Methods and Legal Reasons of Collecting Personal Data

Your personal data is collected by the authorized units of GRC LEGAL by means of automatic and non-automatic methods in oral, written or electronic media. In this context personal data in categories of identity, communication, personal file, legal operations, customer operation, physical place security, process security, risk management, finance, professional experience, marketing, visual and audial recordings and health are processed in accordance with Article 5/2/a-c-ç-d-e-f  of the Law that allow  data processing if it is; explicitly regulated by Law, directly related to form or execute a contract, obligatory for fulfillment of data controller’s legal obligations, compulsory for establishing, exercising or protecting a right and compulsory for legitimate interests of the Data Controller with the condition, not to violate fundamental rights and freedoms of the related person.

  1. Rights of Data Owners Under the Law

You may apply to GRC LEGAL at any time;

You may exercise your rights listed above through filling out and signing a form that you can obtain from us and apply to the following address personally or with a notary approved power of attorney:


Your application as a personal data owner, if you want to use or demand the use of your rights mentioned above, the request should be clear and understandable enough, the subject of your request should be related to you or if you are acting on behalf of someone else, you must submit a special power of attorney approved by the notary. First name, signature, identity number, residence or workplace address, e-mail address, telephone and fax number, and the presence of the requisite elements are obligatory in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller”. Applications that do not include such elements will be rejected by GRC LEGAL.

The GRC LEGAL reserves the right to make changes in this Notice, due to the Law, secondary regulations and Board decisions. Changes in the Notice and the current text will enter into force immediately as of the date of notification.