Pursuant to Law on Protection of Personal Data w. no. 6698 (“DPL”) and the Regulation on Data Controllers’ Registry w. Official Gazette no.30286 (“Regulation”), all foreign controllers (controllers that are not established in Turkey) that process personal data of individuals in Turkey are required to appoint a Representative in Turkey – Art. 4/1 p of the Regulation.
The Representative must be a Turkish legal entity or a Turkish natural person. As IPTECH, we would be happy to take on this role and provide the Representative service to you in Turkey.
An example of Controllers we Represent in Turkey are;
– Leading German sports car manufacturer,
– Leading online accommodation services company,
– Leading clinical trial organization company from the US,
– World’s largest gaming company from China,
– Leading web site building tools provider from Israel,
– Leading private bank in New York, US,
– Leading technology products manufacturer from Japan,
– Leading US based gaming company
When you appoint us as your Representative, we will set-up a local e-mail address specific for you to handle the data subject requests. All e-mails received to such local e-mail address will be reviewed and reported to you on a weekly basis.
When we receive a valid data subject request, either through e-mail or other means, we will provide the request to you within 3 business days with English translation of the request, evaluation of the request and the deadline (30 days as of receipt) to comply/respond.
We will then follow-up with you with weekly reminders regarding the response to be provided to the data subject, receive the response from you, translate the response into English and convey the response to the data subject.
As your Representative, we may also receive certain notifications from the Supervisory Authority in Turkey. When we receive such notification, we will translate the notification/letter into English and send such to you with the instructions/advice on necessary actions to be taken.
According to the Regulation, the Representative must at least have the following authorities;
1- Receive and accept, on behalf of the Controller all types of correspondence and notifications sent by the Authority,
2- Convey the requests sent from the Authority to the Controller
and to convey the response from the Controller to the Authority,
3- Receive requests and applications of data subjects that is directed to the Controller and convey such requests and applications to the Controller,
4- Convey the response of the Controller with regard to data subject’s requests and applications
5- Conduct all works and transactions on behalf of the Controller regarding the Data Controllers’ Registry (VERBIS).