Clarification Text Of Contact Form Regarding The Protection Of Personal Data

CLARIFICATION TEXT OF CONTACT FORM REGARDING THE PROTECTION OF PERSONAL DATA

APG Investment Danışmanlık Anonim Şirketi (“Company”), as the data controller, will record, classify, store, update, and process the personal data of relevant individuals in accordance with the Personal Data Protection Law No. 6698 (“Law) and the European Union General Data Protection Regulation (“GDPR”), with a primary focus on protecting the privacy of personal life. Where permitted by legislation and to the extent allowed, personal data may also be transferred to third parties.

This Clarification Text has been prepared in compliance with the applicable legislation, including but not limited to the Law and GDPR, as well as the regulations, communiqués, decisions, and guidelines issued by the Personal Data Protection Board (“Board”). In the event of any amendments to the Law / GDPR or other relevant legislation following the publication date of this Clarification Text, and if such amendments render this text inconsistent, the modified provisions and rules shall prevail. All communiqués, decisions, and guidelines published by the Board are closely monitored by us, ensuring that the rules stipulated in this Clarification Text remain up to date.

  1. DEFINITIONS

In this Clarification Text;

  • Board: Refers to the Personal Data Protection Board,
  • Contact Form: Refers to the form located under the “Contact” section on the Company’s website at www.apginvestment.com.tr, which is filled out and submitted to the Company by relevant individuals for the purpose of contacting the Company,
  • Data Controller: Refers to a natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system,
  • General Data Protection Regulation (GDPR): Refers to Regulation (EU) 2016/679 of the European Parliament and Council, published in the Official Journal of the European Union on May 4, 2016, and enforced on May 25, 2018,
  • Personal Data: Refers to any information relating to an identified or identifiable natural person,
  • Personal Data Protection Law (KVKK): Refers to Law No. 6698 on the Protection of Personal Data, which was published in the Official Gazette on April 7, 2016, and entered into force,
  • Processing of Personal Data: Refers to any operation performed on personal data, whether fully or partially automated or processed by non-automated means, provided that it is part of a data recording system. This includes collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or restriction of data.
  1. DATA SUBJECT/RELEVANT PERSON

The data subjects covered by this Clarification Text are natural persons whose personal data is processed in the context of contacting the Company by filling out the Contact Form available on the Company’s website at www.apginvestment.com.tr.

  1. IDENTITY OF THE DATA CONTROLLER AND ITS REPRESENTATIVE

In accordance with the Law, your personal data will be collected and processed by the data controller as outlined below. For any inquiries regarding the processing of your personal data, you may contact the Company’s Contact Person via email at apg@apginvestment.co.

  1. PURPOSES OF PROCESSING PERSONAL DATA, LEGAL GROUNDS, AND METHODS OF COLLECTION

The Company may record, store, update, transfer to third parties, classify, and process your personal data in compliance with the conditions set forth under the relevant articles of the GDPR and the Law. The Company clearly defines the purposes for processing personal data and processes such data within the scope of its business activities and in connection with these purposes.

Your personal data collected through the channels and methods specified in this Clarification Text are processed by the Company for the following purposes and legal grounds: 

DATA PROCESSING ACTIVITY: EXECUTION OF COMMUNICATION ACTIVITIES
Processed Personal Data

Identity Data: Full Name 

Contact Data: Email Address

Transaction Data: Subject, Message Content
Purposes of Personal Data Processing

Conducting Information and Communication Activities Related to Services, Evaluation and Response to Requests and Complaints, Management of Potential Client Relations Processes, Execution of Storage and Archiving Activities
Legal Grounds for Processing Personal Data

Your personal data is processed by the Company for the purposes outlined above, based on the following legal grounds specified in the GDPR and Article 5 of the Law: 

  • Necessity for the performance or establishment of a contract, provided that the processing is directly related to the contractual obligations of the parties,
  • Explicit consent.
Methods of Collecting Personal Data

Your personal data, as specified above, is collected through the contact forms available on the Company’s website.
Transfer of Personal Data

Your personal data, provided to us for the purposes outlined above, may be transferred to relevant authorities without the obligation of notification and without requiring your explicit consent, in accordance with Article 28 of the Law, if requested. Apart from this, in unforeseen circumstances, in the event that your personal data is explicitly required by law, it may be transferred to public institutions specified in the legislation (such as ministries, judicial authorities, law enforcement agencies, and other administrative bodies) within the scope and limitations prescribed by law. 

Additionally, your personal data may be shared with domestic and international business partners, and, if necessary, legal advisors, in accordance with the conditions specified in Article 8 of the KVKK and the relevant provisions of the GDPR. 

Your personal data may be transferred abroad under the conditions specified in Article 9 of the KVKK and the relevant provisions of the GDPR, in cases where email contact addresses used for communication and online communication applications are stored in data centers located abroad, as well as when business partners and their infrastructures are based abroad. 
DATA PROCESSING ACTIVITY: EXECUTION OF INFORMATION SECURITY PROCESSES
Processed Personal Data

Transaction Security Data: IP Address, User Traffic Information, Login/Logout Information, Port Number, MAC Address, Log Record, Connection Request Date, Traffic Information
Purposes of Personal Data Processing

Creation and Monitoring of Website Visitor and Login Records, Ensuring Information Security Processes, Ensuring Compliance with Legislation in Activities, Providing Information to Authorized Persons, Institutions, and Organizations, Execution of Storage and Archiving Activities
Legal Grounds for Processing Personal Data

Your personal data is processed by the Company for the purposes outlined above, based on the legal ground of explicit provision in the laws (such as the responsibility of the hosting provider under Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications).
Methods of Collecting Personal Data

Your personal data, as specified above, is collected through electronic automated registration software and servers during your visit to the Company’s website and when filling out electronic forms.
Transfer of Personal Data 

Your personal data, provided to us for the purposes outlined above, may be transferred to relevant authorities without the obligation of notification and without requiring your explicit consent, in accordance with Article 28 of the Law, if requested. Apart from this, in unforeseen circumstances, in the event that your personal data is explicitly required by law, it may be transferred to public institutions specified in the legislation (such as ministries, judicial authorities, law enforcement agencies, and other administrative bodies) within the scope and limitations prescribed by law. 

Additionally, your personal data may be transferred to companies providing information technology (hosting) and archiving services. Your personal data is not transferred abroad.
  1. RETENTION AND DELETION PERIOD OF PERSONAL DATA

Your personal data will be processed in accordance with the relevant legislation on data protection, including the European Union General Data Protection Regulation (“GDPR”), Law No. 6698 on the Protection of Personal Data, and Regulation No. 30224 on the Deletion, Destruction, or Anonymization of Personal Data, as well as decisions made by the Board, national and international agreements, and other mandatory legal provisions. In any case, your personal data will be processed as long as the purposes and reasons for processing outlined in this Clarification Text persist (For example, records related to contractual relationships must be kept for 10 years in accordance with the relevant provisions of the Turkish Code of Obligations No. 6098; traffic records must be kept for a maximum of 2 years in accordance with the relevant provisions of Law No. 5651). Your personal data will be deleted once the purpose and legal grounds for processing cease to exist.

  1. YOUR RIGHTS UNDER THE LAW AND GDPR

As personal data owners, you may submit your requests regarding your rights by filling out the Data Subject Application Form published on the website www.apginvestment.com.tr or by submitting it in writing with another document that includes the mandatory information as specified in the application form. Alternatively, you may also send it by using registered electronic mail (KEP), secure electronic signature, mobile signature, or the electronic mail address that the relevant person has previously provided to the Company and is recorded in the Company’s system, in a way that allows your identity to be verified. The Company will respond to your request as soon as possible and no later than thirty days, free of charge, based on the nature of the request. 

In this context, personal data owners have the following rights:

  • To learn whether personal data is processed or not,
  • If personal data has been processed, to request information about it,
  • To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
  • To know the third parties to whom personal data has been transferred, whether within the country or abroad,
  • To request the correction of personal data if it is inaccurate or incomplete, and to request that the correction be communicated to third parties to whom the personal data has been transferred,
  • To request the deletion or destruction of personal data if the reasons for processing no longer exist, and to request that the process be communicated to third parties to whom the personal data has been transferred,
  • To object to a result arising from the exclusively automated processing of personal data, which leads to negative consequences for the person,
  • To request the compensation of damages in case of damage caused by the unlawful processing of personal data. 

The Company ensures that the provisions of the applicable legislation will be implemented in case of any inconsistency between the changes in the legislation and this Clarification Text, and reserves the right to update the Clarification Text in accordance with any amendments in the applicable legislation or developments in personal data processing activitie.

Data Controller APG Investment Danışmanlık Anonim Şirketi (Mersis Number: 0071095680400001)
Address Kuruçeşme Mahallesi Öksüz Çocuk Sok. No: 6 Beşiktaş / İstanbul
Contact apg@apginvestment.co