CLARIFICATION TEXT OF GLOKEY’S CLIENT REGARDING THE PROTECTION OF PERSONAL DATA
APG Investment Danışmanlık Anonim Şirketi (“Company”), as the data controller, will record, classify, store, update, and process the personal data of relevant individuals in accordance with the Personal Data Protection Law No. 6698 (“Law) and the European Union General Data Protection Regulation (“GDPR”), with a primary focus on protecting the privacy of personal life. Where permitted by legislation and to the extent allowed, personal data may also be transferred to third parties.
This Clarification Text has been prepared in compliance with the applicable legislation, including but not limited to the Law and GDPR, as well as the regulations, communiqués, decisions, and guidelines issued by the Personal Data Protection Board (“Board”). In the event of any amendments to the Law / GDPR or other relevant legislation following the publication date of this Clarification Text, and if such amendments render this text inconsistent, the modified provisions and rules shall prevail. All communiqués, decisions, and guidelines published by the Board are closely monitored by us, ensuring that the rules stipulated in this Clarification Text remain up to date.
1.DEFINITIONS
In this Clarification Text;
- General Data Protection Regulation (GDPR): Refers to Regulation (EU) 2016/679 of the European Parliament and Council, published in the Official Journal of the European Union on May 4, 2016, and enforced on May 25, 2018,
- Personal Data: Refers to any information relating to an identified or identifiable natural person,
- Processing of Personal Data: Refers to any operation performed on personal data, whether fully or partially automated or processed by non-automated means, provided that it is part of a data recording system. This includes collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or restriction of data,
- Personal Data Protection Law (KVKK): Refers to Law No. 6698 on the Protection of Personal Data, which was published in the Official Gazette on April 7, 2016, and entered into force,
- Client: Refers to an individual who applies for or receives consulting services from the Company’s Glokey-branded business in the context of Turkish citizenship acquisition or foreign residence permit application processes,
- Board: Refers to the Personal Data Protection Board,
- Data Controller: Refers to a natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
2.DATA SUBJECT/RELEVANT PERSON
The data subjects covered by this Clarification Text are natural persons (“Clients”) who apply for or receive consulting services from the Company’s Glokey-branded business in the context of Turkish citizenship acquisition or foreign residence permit application processes.
3. IDENTITY OF THE DATA CONTROLLER AND ITS REPRESENTATIVE
In accordance with the Law, your personal data will be collected and processed by the data controller as outlined below. For any inquiries regarding the processing of your personal data, you may contact the Company’s Contact Person via email at info@glokey.com.tr.
4. PURPOSES OF PROCESSING PERSONAL DATA, LEGAL GROUNDS, AND METHODS OF COLLECTION
The Company may record, store, update, transfer to third parties, classify, and process your personal data in compliance with the conditions set forth under the relevant articles of the GDPR and the Law. The Company clearly defines the purposes for processing personal data and processes such data within the scope of its business activities and in connection with these purposes.
Your personal data collected through the channels and methods specified in this Clarification Text are processed by the Company for the following purposes and legal grounds:
| DATA PROCESSING ACTIVITY: EXECUTION OF CONSULTING SERVICES |
|---|
|
Processed Personal Data Identity Data: Full Name, ID Number/Passport Number, Passport Type, Passport Issue Date, Passport Expiry Date, Passport Issue Place, Date of Birth, Place of Birth, Marital Status, Gender, Mother’s Full Name, Mother’s Maiden Name, Father’s Full Name, Marriage Date and Place, Nationality, Past and Current Citizenship(s), Type of Identity Document, Identity Document Expiry Date, Tax Identification Number Contact Data: Email Address, Phone Number, Residence Address, Notification Address Education and Professional Status Data: Occupation Information, Educational Background Health Data: Contagious Disease Information, Treatment Status Information, Insurance Policy Information Data on Criminal Convictions and Security Measures: Criminal Record Information (Type of Crime, Country, Date, Sentence, Deportation Information) Visual and Audio Recording Data: Photograph (Biometric Photo if Required) Client Transaction Data: Purpose of Application, Type, Source, Nature, and Amount of Investment, Assets, Income, and Debt Information Legal Transaction Data: Documents and Correspondence Obtained from National and International Authorities, Application Type, Application Date and Number, Information Contained in the Application File Financial Data: Bank Name, Bank Account Number, IBAN Number, Swift Code Other Data: Reference Information, Spoken Languages and Their Levels, Current Residence Permit Information (Type, Number, Validity Date, Application Result) |
|
Purposes of Personal Data Processing Execution of Consulting Services, Management of Investment and Application Processes, Preliminary Assessment of the Applicant's Application Status, Execution of Contract Processes, Conducting Information and Communication Activities Related to Services, Evaluation and Response to Requests and Complaints, Management of Client Relations Processes, Matching and Referrals with Business Partners Suitable for the Type of Investment and Application, Providing Guidance and Support in Application Processes to Authorized Institutions and Foreign Representations, Execution of Storage and Archiving Activities, Providing Information to Authorized Persons, Institutions, and Organizations |
|
Legal Grounds for Processing Personal Data Your personal data is processed by the Company for the purposes outlined above, based on the following legal grounds specified in the GDPR and Article 5 of the Law:
|
|
Methods of Collecting Personal Data The personal data specified above is collected through automated and partially automated methods via forms and contracts filled out physically or on the Company's website, as well as passport and identity photocopies, population registry records, residence documents, birth certificates, marital status documents, health insurance policies, medical reports, foreign exchange purchase receipts, investment-related receipts, documents showing the source of investment, assets, income, and debt status, biometric and passport-sized photographs, criminal record certificates, diplomas, bank statements, travel documents, rental agreements, hotel reservation forms, and other documents included in the application file, which you have provided to the Company through face-to-face meetings, phone calls, email, WhatsApp, or similar communication channels. |
|
Transfer of Personal Data Your personal data, provided to us for the purposes outlined above, may be transferred to relevant authorities without the obligation of notification and without requiring your explicit consent, in accordance with Article 28 of the Law, if requested. Apart from this, in unforeseen circumstances, in the event that your personal data is explicitly required by law, it may be transferred to public institutions specified in the legislation (such as ministries, judicial authorities, law enforcement agencies, and other administrative bodies) within the scope and limitations prescribed by law. Additionally, your personal data may be shared with domestic and international business partners, insurance companies, authorized institutions, foreign representations, banks, notaries, sworn translation offices, information technology and archiving service providers, and legal advisors, in accordance with the conditions specified in Article 8 of the KVKK and the relevant provisions of the GDPR. Your personal data may be transferred abroad under the conditions specified in Article 9 of the KVKK and the relevant provisions of the GDPR. This includes cases where email addresses used for communication are and online communication applications stored in data centers located outside the country, as well as when foreign representations, business partners, application authorities, and their infrastructures are based abroad. |
|
DATA PROCESSING ACTIVITY: EXECUTION OF FINANCE AND ACCOUNTING OPERATIONS |
|
Processed Personal Data Identity Data: Full Name, Turkish ID Number/Passport Number Contact Data: Email Address, Phone Number, Address Financial Data: Invoice Information, Receipt Information, Consulting Service Fee, Payment Amount and Date |
|
Purposes of Personal Data Processing Execution of Contract Processes, Execution of Finance and Accounting Operations, Monitoring and Execution of Collection and Invoicing Processes, Execution of Storage and Archiving Activities, Providing Information to Authorized Persons, Institutions, and Organizations |
|
Legal Grounds for Processing Personal Data Your personal data is processed by the Company for the purposes outlined above, based on the following legal grounds specified in the GDPR and Article 5 of the Law,
|
|
Methods of Collecting Personal Data Your personal data, as specified above, is collected through receipts and invoices using automated and partially automated methods. |
|
Transfer of Personal Data Your personal data, provided to us for the purposes outlined above, may be transferred to relevant authorities without the obligation of notification and without requiring your explicit consent, in accordance with Article 28 of the Law, if requested. Apart from this, in unforeseen circumstances, in the event that your personal data is explicitly required by law, it may be transferred to public institutions specified in the legislation (such as ministries, judicial authorities, law enforcement agencies, and other administrative bodies) within the scope and limitations prescribed by law. Additionally, your personal data may be shared with financial advisors and legal consultants in accordance with the conditions specified in Article 8 of the KVKK and the relevant articles of the GDPR. Your personal data may be transferred abroad under the conditions specified in Article 9 of the KVKK and the relevant provisions of the GDPR, in cases where email contact addresses used for communication and online communication applications are stored in data centers located abroad. |
5. RETENTION AND DELETION PERIOD OF PERSONAL DATA
Your personal data will be processed in accordance with the relevant legislation on data protection, including the European Union General Data Protection Regulation (“GDPR”), Law No. 6698 on the Protection of Personal Data, and Regulation No. 30224 on the Deletion, Destruction, or Anonymization of Personal Data, as well as decisions made by the Board, national and international agreements, and other mandatory legal provisions. In any case, your personal data will be processed as long as the purposes and reasons for processing outlined in this Clarification Text persist (For example, records related to contractual relationships must be kept for 10 years in accordance with the relevant provisions of the Turkish Code of Obligations, Law No. 6098). Your personal data will be deleted once the purpose and legal grounds for processing cease to exist.
6. YOUR RIGHTS UNDER THE LAW AND GDPR
As personal data owners, you may submit your requests regarding your rights by filling out the Data Subject Application Form published on the website www.glokey.com.tr or by submitting it in writing with another document that includes the mandatory information as specified in the application form. Alternatively, you may also send it by using registered electronic mail (KEP), secure electronic signature, mobile signature, or the electronic mail address that the relevant person has previously provided to the Company and is recorded in the Company’s system, in a way that allows your identity to be verified. The Company will respond to your request as soon as possible and no later than thirty days, free of charge, based on the nature of the request.
In this context, personal data owners have the following rights:
- To learn whether personal data is processed or not,
- If personal data has been processed, to request information about it,
- To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
- To know the third parties to whom personal data has been transferred, whether within the country or abroad,
- To request the correction of personal data if it is inaccurate or incomplete, and to request that the correction be communicated to third parties to whom the personal data has been transferred,
- To request the deletion or destruction of personal data if the reasons for processing no longer exist, and to request that the process be communicated to third parties to whom the personal data has been transferred,
- To object to a result arising from the exclusively automated processing of personal data, which leads to negative consequences for the person,
- To request the compensation of damages in case of damage caused by the unlawful processing of personal data.
The Company ensures that the provisions of the applicable legislation will be implemented in case of any inconsistency between the changes in the legislation and this Clarification Text, and reserves the right to update the Clarification Text in accordance with any amendments in the applicable legislation or developments in personal data processing activities.
| Data Controller | APG Investment Danışmanlık Anonim Şirketi (Mersis No: 0071095680400001) |
| Address | Emaar Square Heights Blok No: 82 / Kat:32 / Daire No: 3209 Ünalan Mahallesi / Libadiye Caddesi / Üsküdar / İstanbul |
| Contact | info@glokey.com.tr |