E R T A
TR EN

G.D.P.R

G.D.P.R

GENERAL DISCLOSURE STATEMENT ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

As ERTA INDEPENDENT AUDIT AND SWORN CPA LTD. CO. and ERTA CPA AND INDEPENDENT AUDIT INC. (“Company”), we attach utmost importance to the security of your personal data. With this awareness, we process and store personal data of real persons with whom the Company interacts in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”), the secondary regulations enacted or to be enacted pursuant to the Law (regulations, communiqués, circulars), and the binding decisions taken or to be taken by the Personal Data Protection Board. Acting with full awareness of this responsibility, in our capacity as the “Data Controller” as defined in the Law, we process your personal data within the scope of account opening procedures as explained below and within the limits prescribed by legislation.

  1. Information Regarding the Data Controller

In accordance with the Law, ERTA INDEPENDENT AUDIT AND SWORN CPA LTD. CO. and ERTA CPA AND INDEPENDENT AUDIT INC., located at Halaskargazi Cad. No:114 Floor:7 Flat:14 Şişli / Istanbul / Türkiye, are the Data Controller.

  1. Purposes of Processing Personal Data

Your personal data is processed by the Company in accordance with the principles set forth in the Law, in compliance with the law and good faith, in a manner that is accurate and, where necessary, up to date, for specific, explicit, and legitimate purposes, and limited and proportionate to these purposes. These purposes include carrying out the Company’s commercial activities in compliance with legislation and Company policies, conducting necessary work by business units, determining, planning, and implementing short, medium, and long-term commercial strategies, designing and executing human resources processes, fulfilling legal obligations arising from applicable legislation, managing customer relations and corporate communication processes, and ensuring the commercial and legal security of real and legal persons with whom the Company has business relations.

  1. Transfer of Personal Data

Your personal data may be transferred, within the scope of the above purposes and in compliance with Articles 8 and 9 of the Law, to legally authorized public institutions and organizations, judicial and administrative authorities, private law legal entities and real persons permitted by relevant legislation, institutions and organizations authorized to audit the Company, contracted payment institutions for fulfilling payments and financial obligations, business partners from whom services are received or with whom cooperation is established for the execution and development of the Company’s activities, and only when necessary, to the Company’s suppliers. In case you contact us via email, your data may be transferred abroad due to the location of email servers, provided that necessary data security measures are taken as stipulated by the Law.

  1. Method and Legal Basis of Collecting Personal Data

Your personal data is collected by authorized units and employees of the Company through automatic and non-automatic methods, verbally, in writing, or electronically. In this context, personal data in categories such as identity, contact, location, personnel records, legal transactions, customer transactions, physical security, transaction security, risk management, finance, professional experience, and marketing are processed based on the legal grounds set forth in Article 5/2 of the Law, including the necessity of processing personal data belonging to the parties of a contract for the establishment or performance of the contract, the necessity for the data controller to fulfill its legal obligations, the fact that the data has been made public by the data subject, and the necessity of processing data for the legitimate interests of the Company without harming the fundamental rights and freedoms of the data subject.

  1. Rights of Data Subjects Under the Law

At any time, you may apply to the Company and:

  • Learn whether your personal data is processed,
  • Request information if your personal data has been processed,
  • Learn the purpose of processing your personal data and whether they are used in accordance with that purpose,
  • Know the third parties to whom your personal data is transferred domestically or abroad,
  • Request correction of your personal data if it is incomplete or incorrectly processed,
  • Request deletion or destruction of your personal data within the framework of the conditions set forth in Article 7 of the Law,
  • Request notification of the transactions carried out pursuant to subparagraphs (d) and (e) of Article 11 of the Law to third parties to whom your personal data has been transferred,
  • Object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,
  • Request compensation for damages in case you suffer damage due to unlawful processing of your personal data,

You may exercise your rights. You can submit your requests regarding your rights and the implementation of the Law by filling out the application form available at www.ertadenetim.com and sending it with a wet signature via notary, registered mail, or by personal application to Halaskargazi Cad. No:114 Floor:7 Flat:14 Şişli / Istanbul / Türkiye, or by signing the application form electronically with your mobile signature or secure electronic signature and sending it via your registered email address in the Company’s system or via your KEP address to haber@ertadenetim.com. The Company will respond to such requests in writing free of charge up to ten pages, and will charge 1 Turkish Lira per page for responses exceeding ten pages. If the response is provided in a recording medium such as CD or flash memory, the fee requested by the Company will not exceed the cost of the recording medium.