Privacy Notice
Your personal data may be processed by Synthia Danışmanlık Hizmetleri A.Ş. (“Synthia”) as the data controller in accordance with the Personal Data Protection Law No. 6698 (“Law”) within the scope specified below.
Method and Types of Collection of Personal Data
Based on your relationship with our company, your personal data may be collected directly from you or from our clients (e.g. your employer company), suppliers, public authorities and publicly available sources. Personal data types that we may collect through these channels can be summarized as follows:
Category of Personal Data
Personal Data
Identity data
Name, surname, identification number, identity cards, passports, government identifiers, or other identification documents
Contact data
Phone number, mail address, e-mail address, and contact details
Registration data
Newsletter, articles and legal news requests and subscriptions, contact form data, event, conference, webinar and seminar registration and attendance information
Client service data
Personal data relating to clients or data received from clients, third parties, invoicing details and payment history, and client feedback data
Device data
IP address, unique device identifier, other data linked to a device, and data about usage of our website
Human resources data
Data provided by job applicants on our website or offline means in connection with employment processes, such as name, surname, contact information, education, training or career development related information, information obtained from your referees and from carrying out security checks to assess your suitability for employment with us, any personal data you provided within your CV or other application documents, any other information we may request from you in the scope of assessing your job application
Risk management data
AML/CTF screening records
Processing Purposes of Personal Data and Applicable Legal Grounds
Your personal data may be processed by Synthia for the following purposes and legal grounds, based on the personal data processing conditions specified in Article 5 of the Law.
Category of Personal Data
Processing Purposes of Personal Data
Legal Ground
Identity data, contact data, registration data, client service data, and device data
To register you or your organization as a client of ours or as a registered audience of our insight contents; To provide and administer services or solutions, as instructed by you or your organization; To represent our clients as instructed
Based on the legal grounds that (i) processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract; (ii) processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
Identity data, contact data, registration data, client service data, and device data
To provide our services; To manage our business operations (including analyzing and improving our services and communications with our clients and to monitor compliance with our policies and standards); To operate our business relations with our clients; To deliver our insight contents to you; To manage billing and payments operations
Based on the legal grounds that (i) processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract; (ii) processing of personal data is necessary for compliance with a legal obligation to which the data controller is subject to; (iii) processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
Identity data, contact data, registration data, risk management data, and device data
To ensure the security and effectiveness of our website and information technology systems; To protect the security of our technical infrastructure and communications to prevent and detect security threats, frauds or other criminal or malicious activities
Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
Identity data, contact data, and registration data
To provide information on legal updates
Based on your explicit consent, and the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
Identity data, contact data, registration data, risk management, and device data
To ensure compliance (e.g. with anti-money laundering and countering financing of terrorism regulations, trade sanctions and embargo laws), To comply with our legal obligations concerning record retention (including those arising from Law no. 5651 and tax regulations)
Based on the legal ground that the processing is expressly provided for by the laws and is necessary for compliance with a legal obligation to which the data controller is subject to
Identity data, contact data, and human resources data
To communicate with job applicants, To evaluate job applications, To consider individuals for employment and contractor opportunities, To manage on-boarding procedures
Based on your explicit consent, and the legal grounds that (i) the data subject (i.e. you) have publicized the personal data; (ii) processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
Recipient Parties and Purposes for Transferring Personal Data
Your personal data may be transferred pursuant to the data processing conditions stipulated in Article 5 of the Law and in accordance with the rules regarding the transfer of personal data specified in Articles 8 and Article 9. During the transfer of your data, we take all necessary measures to use, share and protect that data as described in the Privacy Notice.
Recipient Parties
Purpose(s) of Transfer
Our business partners (such as global advisory or law firms and business associates with whom we cooperate)
To provide you with services and to manage our relationship with you
Our suppliers and service providers (such as infrastructure and IT services providers, and providers of accounting systems and HR systems or third-party counsels, experts, or other specialists such as translators, couriers or other necessary entities)
To manage and administer our business operations, and to execute our services to you
Our client (if we have collected your data through providing services to any of our clients)
Where permitted by law, to provide those services
Companies providing services for anti-money laundering and countering financing of terrorism regulations, trade sanctions and embargo laws and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared
To ensure compliance
The regulatory and supervision authorities, government officials or attorneys or other parties
To execute our representation services for you, to protect your interests
Legally authorized public institutions and legally authorized private institutions
To fulfil our obligations arising from the legislation
Data Subject’s Rights Specified under Article 11 of the Law
Data subjects are entitled to the below-listed rights under Article 11 of the Law:
-
Learn whether data relating to him/her are being processed;
-
Request further information if personal data relating to him/her have been processed;
-
Learn the purpose of the processing of personal data and whether data are being processed in compliance with such purpose;
-
Learn the third-party recipients to whom the data are disclosed within the country or abroad;
-
Request rectification of the processed personal data which is incomplete or inaccurate and request such process to be notified to third persons to whom personal data is transferred;
-
Request erasure or destruction of data in the event that the data is no longer necessary in relation to the purpose for which the personal data was collected, despite being processed in line with the Law and other applicable laws and request such process to be notified to third persons to whom personal data is transferred;
-
Object to negative consequences about him/her that are concluded as a result of analysis of the processed personal data by solely automatic means;
-
Demand compensation for the damages he/she has suffered as a result of an unlawful processing operation.
You may exercise your aforementioned rights by communicating with info@synthiaadvisory.com e-mail address in writing. We will process and respond to such requests within thirty days. In principle, the requests shall be concluded free of charge. Nevertheless, Synthia reserves its right to demand a fee as per the Communiqué on Procedures and Terms Regarding Applications to the Data Controllers or other relevant legislation.
For Turkish version, please click here.