Skip to main content
brand logo

Privacy Policy

MOMENTO LEGAL PARTNERS POLICY ON THE TRANSFER OF PERSONAL DATA AND SPECIALLY QUALIFIED PERSONAL DATA

1. DEFINITIONS

Data ControllerIt refers to the MOMENTO LEGAL PARTNERS, which determines the purposes and means of processing personal data, is responsible for the establishment and management of the data registration system.
Data Owner-Contact PersonIt refers to the real person whose personal data has been processed.
FoundationIn accordance with this policy, refers to MOMENTO LEGAL PARTNERS.
Law”Law No. 6698 on the Protection of Personal Data" is expressed.
Personal DataAny information relating to a real person that makes the identity specific or identifiable is expressed.
Special Qualified Personal DataRefers to data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
BoardRefers to the Personal Data Protection Board.
PolicyThe policy regarding the updating of personal data and sensitive personal data is expressed.
Processing of Personal DataObtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system. It refers to all kinds of operations performed on data, such as blocking.
Explicit ConsentConsent to a particular issue is expressed, which is based on information and is expressed in free will.

2.THE PURPOSE OF THE POLICY

This policy aims to determine the procedures and rules regarding the updating of personal data and/or sensitive personal data within the body of MOMENTO LEGAL PARTNERS (hereinafter referred to as “MOMENTO”). Thanks to the policy and various regulations within the foundation, the requirements of the Law on Protection of Personal Data No. 6698 are ensured.

The Board of Directors is personally responsible for the follow-up and implementation of the policy. The policy is being revised in accordance with the foundation’s requirements. The Board of Directors has the authority to make changes to this policy if necessary.

3.TRANSFER OF PERSONAL DATA AND/OR SPECIALLY QUALIFIED PERSONAL DATA

The foundation transfers data at minimum and as necessary. While transferring the said data, it acts cautiously and in accordance with the law regarding the transfer of personal data and/or sensitive personal data to third parties. In addition, the foundation updates the measures in parallel with the developing technologies to the extent possible.

For the transferred personal data and sensitive personal data, the data subject whose data is processed is to be enlightened. The aforementioned lighting texts are easily accessible and are available on the foundation’s web pages, mobile pages, and in various places where data is obtained or transferred. Again, in accordance with the legal regulations, the lighting explanations are updated.

3. EXPLICIT CONSENT IN THE TRANSFER OF PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA

The general rule is to obtain explicit consent from the data controller before transferring personal data and/or sensitive personal data. Explicit consent refers to consent on a specific subject, based on information and expressed with free will.

However, in some exceptional cases, personal data and/or sensitive personal data may be transferred with explicit consent. While transferring data to the foundation, data is transferred without explicit consent, based on one or more of the legal reasons explained below. The legal reasons for data transfer without the need for explicit consent are as follows:

PERSONAL DATA

a) It is clearly stipulated in the laws,

b) It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid,

c) It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

d) It is mandatory for the data controller to fulfill its legal obligations,

e) The person concerned has been made public by himself,

f) Data processing is mandatory for the establishment, exercise or protection of a right,

g) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

If one of the conditions is met, data may be transferred to third parties by the foundation without seeking explicit consent.

SENSITVE PERSONAL DATA

a) Special categories of personal data other than health and sexual life, in cases stipulated by law,

b) Personal data related to health and sexual life can only be collected by persons or authorized institutions and organizations that are under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

In the event that one of the conditions is met, data may be transferred to third parties by the foundation without seeking explicit consent, provided that ADEQUATE MEASURES ARE TAKEN.

4. TRANSFER OF PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA ABROAD

The issue regarding the transfer of personal data and/or special quality personal data abroad is stipulated in Article 9 of the Law on the Protection of Personal Data.

Transfer of personal data abroad

ARTICLE 9

(1) Personal data cannot be transferred abroad without the explicit consent of the person concerned.

(2) Personal data, the existence of one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6, and in the foreign country to which the personal data will be transferred;

a) The availability of adequate protection,

b) In the absence of sufficient protection, it can be transferred abroad without the explicit consent of the data subject, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and that the Board has permission.

(3) Countries with adequate protection are determined and announced by the Board.

(4) The Board shall determine whether there is sufficient protection in the foreign country and whether a permit will be granted pursuant to subparagraph (b) of the second paragraph;

a) International conventions to which Turkey is a party,

b) The reciprocity of data transfer between the country requesting personal data and Turkey,

c) Regarding each concrete personal data transfer, the nature of the personal data, the purpose and duration of its processing,

ç) The relevant legislation and practice of the country to which the personal data will be transferred,

d) It decides by evaluating the measures undertaken by the data controller in the country to which the personal data will be transferred, and by taking the opinion of the relevant institutions and organizations, if needed.

(5) Personal data may be transferred abroad with the permission of the Board, only after obtaining the opinion of the relevant public institution or organization, in cases where the interests of Turkey or the person concerned will be seriously harmed, without prejudice to the provisions of international conventions.

(6) Provisions in other laws regarding the transfer of personal data abroad reserved.

IN ACCORDANCE WITH THE RELEVANT REGULATION, IT IS POSSIBLE TO SUMMARIZE THE PROCEDURE ADOPTED BY THE COMPANY FOR THE TRANSFER OF PERSONAL DATA AND/OR SPECIAL QUALIFIED PERSONAL DATA ABROAD AS FOLLOWS.

BASED ON EXPLICIT CONSENT / WITHOUT EXPLICIT CONSENT

IF THE RELEVANT PERSON HAS EXPLICIT CONSENT

IT CAN BE TRANSFERRED ABROAD

In case of existence of one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6 of the Law on the Protection of Personal Data No. 6698

If there is adequate protection in the country to which the data will be transferred / If there is no adequate protection

IT CAN BE TRANSFERRED ABROAD.

Data officers in Turkey and the related foreign countries must undertake an adequate protection in writing and have the permission of the Personal Data Protection Board

IT CAN BE TRANSFERRED ABROAD.

As explained above, the basis for transferring personal data and/or sensitive personal data abroad is the explicit consent of the person concerned. However, it has been arranged in exceptional cases; In the presence of certain situations, it is stipulated that data can be transferred abroad without the explicit consent of the person concerned.

The law has also brought some limitations to the situations where data can be transferred without obtaining explicit consent, which it considers an exception. So that; The first condition is that the personal data to be transferred and/or special quality personal data are processed under the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6. However, it is not enough to be processed only under the specified conditions, it pointed out that the country to which the data will be transferred should have sufficient protection. In this case, data can be transferred without the explicit consent of the person concerned. Countries with adequate protection are announced by the Personal Data Protection Board.

In case of transfer to a country where there is no adequate protection despite the conditions stated regarding the processing of the data, the transfer may be made without obtaining the express consent of the person concerned, provided that the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and that the permission of the Personal Data Protection Board is available.

When transferring data abroad, the foundation transfers data in accordance with the law, based on express consent or other legal conditions. However, when necessary, approval is obtained from the Board regarding data transfer and it also benefits from the binding foundation rules and undertakings prepared by the Board. In addition to all these, it also takes all necessary technical and administrative measures when transferring data abroad.

5. UPDATE

The changes made to this Policy are shown in the table below.

Policy Update DateChanges

MOMENTO LEGAL PARTNERS