Protection of Personal Data

DISCLOSURE TEXT ON THE PROCESSING OF PERSONAL DATA OF ASSOCIATION MEMBERS/MEMBER REPRESENTATIVES

Dear Member/Member Representative,

As the Corporate Governance Association of Turkey (“Association”), we attach great importance to the protection of your personal data. In this regard, in accordance with the Personal Data Protection Law no. 6698 (“PDPL”), we process1 your personal data in accordance with the PDPL and within the scope of the purposes and limits specified below and we take the utmost care to take the necessary administrative and technical measures accordingly. For this reason, we would like to inform you, our association members or representatives of association members as legal entities, about our procedures for processing your personal data and your rights under the PDPL by means of this “Disclosure Text on the Processing of Personal Data of Association Members/Member Representatives” (“Disclosure Text”).

Processing of Your Personal Data

Based on your membership relationship with the Association, we process the following personal data in accordance with the relevant legislation and the Association Charter:

a. Identity Information: Name, surname, Turkish ID number, identity information.

b. Contact Information: Contact address, telephone number, e-mail address, and, if applicable, mobile phone number, fax number, or other means of communication of your choice that you have provided to the Association for the purpose of communicating with you.

c. Employment and Education Information: The name of the organization where you work for, your position in that organization, the last organization you served, the last school you graduated from, and the degree you received from that school, submitted voluntarily through the application form you have filled out as part of your membership in the Association.

d. Personal Data of Special Nature: Although the Association does not process such information directly, data on your religion, philosophical beliefs, political opinions, and health (e.g. clothing, devices, and prostheses visible in a photograph), which may be obtained indirectly from the identity document and photographs you have submitted to the Association, as well as the names of the associations of which you are a member as voluntarily specified in the membership application form.

(The data listed above in the text will constitute personal data under the PDPL to the extent that it belongs to our members as natural persons and as representatives of our members as legal entities, and such information will be referred to as “Personal Data” in this text).

Method and Legal Reason for Collecting Your Personal Data

Your Personal Data is collected and processed physically during the membership application to the Association or through the application form filled out on the Association’s website at www.tkyd.org.tr and through the documents physically submitted or electronically transmitted regarding membership to the Association pursuant to the Association’s Statute, as well as verbally or in writing or electronically through the information provided to the Association officials as part of various communications with the Association (such as contacting the Association by phone or e-mail).

In this context, your Personal Data is processed pursuant to legal reasons such as carrying out activities in line with the purposes and working subjects specified in the Charter of the Association, organizing, managing and executing events and related processes for the Association’s members or representatives such as general assemblies, working group meetings, summits, agenda meetings, other member meetings, ensuring communication between the Association and the members on issues related to membership rights and obligations and fulfilling the relevant rights and obligations, executing internal reporting activities, submitting necessary information and documents to administrative institutions and organizations and courts upon the request of these institutions, organizations or courts, keeping the books and records required to be kept by the Association under the legislation, fulfilling the legal obligations of the Association, which is the data controller pursuant to Article 5/2(ç) of the PDPL within the scope of fulfilling the obligations in accordance with the Associations Law No. 5223, the Associations Regulation and other legislation provisions, communicating with members, providing information about the promotion of the Association and the activities carried out, determining and implementing the activities and services of the Association, executing service policies, strengthening communication and cooperation within the association, informing members within the scope of association activities, ensuring the security and supervision of all facilities belonging to the Association, processing data mandatorily for the legitimate interests of the Association, provided that it does not harm the fundamental rights and freedoms of our members (representatives of our members as legal entities) in accordance with Article 5/2(f) of the PDPL for the purposes of copying/backup to prevent data loss, and additionally, fulfilling its responsibility at the point where data processing is mandatory for the establishment, use or protection of the right in accordance with Article 5/2(e) of the PDPL in order to carry out legal processes related to the Members.

When processing your Personal Data, the Association acts in accordance with the data processing principles and obligations specified within the scope of the relevant legislation, especially the Constitution of the Republic of Turkey, international conventions to which our country is a party, PDPL, secondary legislation and guidelines and policy decisions published by the Personal Data Protection Board.

Purposes of Processing Your Personal Data

Your Personal Data is processed for the purposes set out below:

a. Carrying out activities in line with the purposes and working subjects specified in the Charter of the Association,

b. Organizing, managing and executing events and related processes for the Association’s members or representatives such as general assemblies, working group meetings, summits, agenda meetings, and other member meetings,

c. Ensuring communication between the Association and the members on issues related to membership rights and obligations and fulfilling the relevant rights and obligations,

d. Providing information about the promotion of the Association and the activities carried out,

e. Determining and implementing the activities and services of the Association, executing service policies,

f. Strengthening communication and cooperation within the association,

g. Execution of internal reporting activities,

h. Informing members as part of association activities,

i. Ensuring the security and supervision of all facilities belonging to the Association,

j. Submitting necessary information and documents to administrative institutions and organizations and courts upon the request of these institutions, organizations, or courts,

k. Keeping the books and records required to be kept by the Association under the legislation,

l. Fulfilling the obligations in accordance with the Associations Law No. 5223, the Associations Regulation and other legislation provisions,

m. Carrying out legal processes related to members,

n. Copying/getting backups to prevent data loss.

Domestic or International Transfer of Your Personal Data and Purposes of Transfer

The Association may transfer your Personal Data to the following persons in the manner and under the circumstances specified below, in accordance with the basic principles stipulated by the PDPL and subject to the conditions specified in Articles 8 and 9 of the PDPL:

As part of your membership in the Association, your personal data will be shared with the relevant institutions and organizations in order for the Association to fulfill its relevant legal or statutory obligations, and limited to what is required by any legislation in force during the period of processing personal data, including the Law on Associations No. 5223 and the Regulation on Associations, or when it is necessary to share such data in order to fulfill an obligation stipulated under legislations.

If you take part in the bodies of the Association in addition to being a member of the Association or representative of a member as a legal entity, your Identity Information, Contact Information, and professional information will be shared with the Provincial Directorate of Associations and other relevant public institutions and organizations for the legal reasons that it is mandatory for the Association, which is the data controller, to fulfill its legal and statutory obligations in order to fulfill various obligations under the Associations Law and secondary legislation.
In order to send you e-mails informing you about the activities of the Association and the activities carried out within the framework of your membership of the Association, your e-mail addresses will be shared with the agency from which the service is received, within the framework of the legitimate interest of the Association, during the period of sending, provided that this does not violate your fundamental rights and freedoms.

In order to carry out various activities and services such as General Assemblies, Working Group Meetings, Summits, Agenda Meetings, and other member meetings organized within the Association, the Association occasionally works with external event companies, and it will, as the controller, share the name and surname information of the persons who will attend such events with the event company it authorizes to ensure the organization of the events and provide materials such as event identification cards to the participants as part of certain its activities and in accordance with its legitimate interests provided that it does not violate your fundamental rights and freedoms.

Although no specific data is transferred, the Association works with outside information technology companies to provide information technology services within the Association, and such companies may occasionally access the servers and programs used by the Association to provide technical support and may indirectly access the data under such programs on the legal ground that data processing is mandatory for the legitimate interests of the Association, provided that it does not harm the fundamental rights and freedoms of our members (or representatives of our members as legal entities) as part of such services.
However, these companies do not transfer the data to their own systems. Nor do they process or store the data themselves.

In the event of any dispute regarding a member’s rights or obligations or membership with the Association, your Personal Data may be shared with the Association’s attorneys, advisors, and relevant judicial and enforcement authorities to the extent that is related to the relevant dispute and as necessary to establish, exercise or protect the Association’s rights as the data controller.

In the event that it is necessary for the Association to carry out its activities as part of the above-mentioned data processing purposes and its Statute, it may be shared only within the scope of the legitimate interest of the Association as the data controller, provided that it is mandatory to establish, exercise or protect its rights and provided that it does not harm your fundamental rights and freedoms, only limited to third parties residing in the country such as consultants, financial advisors, auditors from whom the Association receives services, support, and consultancy.

In addition to the foregoing, your Personal Data requested by the authorities may be shared with the relevant institutions and organizations or judicial bodies in order to fulfill legal or statutory obligations if it is necessary to meet legal and/or legal obligations under the applicable legislation on the date of the relevant transaction or request, or in case of such a request from official institutions.

Your Rights as a Data Subject under the PDPL

You have the following rights under the PDPL and other applicable laws as the data subject2 under the PDPL:

i. Learning whether your Personal Data is processed,

ii. Requesting relevant information if your Personal Data has been processed,

iii. Knowing the purposes for which personal data is processed and whether they are used in accordance with those purposes,

iv. Knowing the third parties to whom your Personal Data is transferred domestically or abroad,

v. Requesting correction of your Personal Data if it is incomplete or incorrectly processed,

vi. Requesting the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the PDPL legislation,

vii. Requesting notification of the transactions made within the scope of articles vii, v, and vi to third parties to whom your Personal Data has been transferred,

viii. Objecting to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,

ix. If you have suffered damage due to unlawful processing of Personal Data,

demanding compensation for such damage

Ways to Apply to the Association for Your Rights

Within the framework of the provisions of the PDPL and the Communiqué on the Procedures and Principles of Application to the Data Controller, you can submit your request to exercise your rights under the PDPL mentioned above, physically delivering the documents certifying your identity, in writing and with wet signature, to Gayrettepe Mahallesi Yıldız Posta Caddesi No:6 Akın Sitesi 1.
Block K:7 D:14 34349 Beşiktaş/Istanbul; or by registered electronic mail (KEP) via info@tkyd.org address, or you can send it to the Association signed with a secure electronic signature or mobile signature.

We respectfully request your attention.

Corporate Governance Association of Turkey