Privacy Notice
Ünlü Minareci Aslan Yücel Attorney Partnership (“UMAY”) may process your personal data as the data controller in compliance with Personal Data Protection Law No. 6698 (“Law”), as outlined below.
Method and Types of Personal Data Collection
We may gather your personal information from various sources, including you directly, clients (including your employer), suppliers, government agencies, and publicly available records. The kinds of personal data we collect are as follows:
-
Client Data: Client information, third-party data, invoicing, payment history, feedback
-
Contact Data: Phone, address, email
-
Device Data: IP address, device ID, website usage info
-
Identity Data: Name, surname
-
Registration Data: Newsletter, webinar, and seminar sign-ups
-
Risk Management Data: Government IDs, passports, AML/CTF screening records
Processing Purposes of Personal Data and Applicable Legal Grounds
UMAY may process your personal data according to Article 5 of the Law, for specified purposes and legal reasons.
Category: Identity data, contact data, registration data, client data, and device data
-
Processing Purposes:
-
Registering as our client.
-
Providing and managing legal or other services as instructed.
-
Representing clients and handling litigation as directed.
-
Performance of the contract (Article 5/2(c))
-
Legitimate interests pursued by the data controller (Article 5/2(f))
-
-
Legal Grounds:
-
Performance of the contract (Article 5/2(c))
-
Legitimate interests pursued by the data controller (Article 5/2(f))
-
Category: Identity data, contact, registration data, client data, and device data
-
Processing Purposes:
-
Overseeing operations,
-
Improving services and communications,
-
Ensuring policy compliance, managing client relations, and handling billing and payments.
-
-
Legal Grounds:
-
Performance of the contract (Article 5/2(c))
-
Legal duties (Article 5/2(ç))
-
Legitimate interests pursued by the data controller (Article 5/2(f))
-
Category: Identity data, contact data, registration data, risk management, and device data
-
Processing Purposes:
-
Ensuring the security and effectiveness of our website and IT systems.
-
Protecting technical infrastructure and communications from security threats, fraud, or malicious activities.
-
Processing data based on legitimate interests, while respecting data subjects' rights.
-
-
Legal Grounds:
-
Legitimate interests pursued by the data controller (Article 5/2(f))
-
Category: Identity data, contact data, and registration data
-
Processing Purposes:
-
Providing updates on legal developments.
-
-
Legal Grounds:
-
Consent (Article 5/1)
-
Performance of the contract (Article 5/2(c))
-
Legitimate interests pursued by the data controller (Article 5/2(f))
-
Category: Identity data, contact data, registration data, risk management, and device data
-
Processing Purposes:
-
Ensuring compliance with anti-money laundering, counter-terrorism financing laws, trade sanctions, and embargo regulations
-
Meeting retention requirements under Law no. 5651 and tax laws
-
-
Legal Grounds:
-
Legal duties (Article 5/2(ç))
-
Recipient Parties and Purposes for Transferring Personal Data
Your personal data may be transferred in accordance with the data processing provisions outlined in Article 5 of the Law, as well as the requirements regarding personal data transfers specified in Articles 8 and 9. For cross-border data transfers, we implement all necessary safeguards to use, share, and protect your data as described in our Privacy Notice.
-
Our business associates, including global law firms and other partners cooperating with UMAY, are provided with legal services and assist in managing our relationship with you.
-
Our suppliers and service providers, such as infrastructure and IT providers, account and HR system providers, third-party counsel, mediators, experts, and other legal specialists like translators and couriers, are engaged to support our business operations.
-
Our clients' data, collected through legal services provided to them, may be shared with others where permitted by law.
-
Companies involved in anti-money laundering, counter-terrorism financing, trade sanctions, embargo laws, and similar areas—including financial institutions, credit reference agencies, and regulatory bodies—are involved to ensure compliance.
-
Courts, law enforcement agencies, regulators, government officials, attorneys, and other parties may be involved to establish, exercise, or defend legal claims or for confidential dispute resolution.
-
Public and private institutions authorized by law are engaged to fulfill legal obligations.
Data Subject’s Rights Specified under Article 11 of the Law
Data subjects are entitled to the rights listed below under Article 11 of the Law:
-
To learn whether their personal data are being processed;
-
To request additional information if their personal data have been processed;
-
To understand the purpose of the data processing and whether it complies with that purpose;
-
To learn the third-party recipients, both domestic and international, to whom their data have been disclosed;
-
To request correction of processed personal data that is incomplete or inaccurate, and to have such corrections notified to third parties to whom the data have been transferred;
-
To request the erasure or destruction of data that is no longer necessary for the purpose it was collected for, despite being processed in accordance with Law no. 6698 and other applicable laws, and to have this process notified to third parties to whom the data have been transferred;
-
To object to any negative consequences resulting from automated analysis of their personal data;
-
To seek compensation for damages suffered due to unlawful data processing.
If requests related to the rights above are sent to info@umaylegal.com, they will be reviewed within thirty days. Generally, these requests will be handled free of charge. However, UMAY reserves the right to charge a fee as specified by the Data Protection Board.