top of page

Privacy & Cookie Policy

 

Att. Egemen Inaltay (“inaltay”, “we” or “our”) is committed to ensuring the confidentiality, integrity and lawful processing of personal data in accordance with the Law No. 6698 on the Protection of Personal Data (KVKK) and the EU General Data Protection Regulation (GDPR), where applicable.

This Privacy Policy describes how we collect, use, share and protect personal data provided to us by clients, prospective clients, job applicants, website visitors and other individuals in the course of our legal services and business operations.

By visiting www.inaltay.com or otherwise sharing your personal data with us, you acknowledge that you have read and understood this Policy.

Scope of This Notice

This Privacy Notice sets out the principles and practices of Att. Egemen Inaltay (“inaltay” or “we” or “our”) concerning the collection, use, and protection of personal data. Specifically, it outlines:

  • The categories of personal data we collect, including from clients, website visitors, job applicants, office visitors, and individuals with whom we engage in the ordinary course of business;

  • The legal grounds and purposes for which we process personal data under applicable data protection laws, including the Turkish Law No. 6698 on the Protection of Personal Data (KVKK) and the EU General Data Protection Regulation (GDPR), where applicable;

  • Information regarding our approach to marketing communications and how individuals may withdraw consent or object to such use;

  • The manner in which we may use, disclose or otherwise process personal data;

  • How we manage cross-border transfers of personal data, where necessary;

  • Our data retention periods and the security measures we implement to safeguard personal data; and

  • The rights of individuals with respect to their personal data, including how to access, rectify, erase or object to the processing of such data.

Any questions regarding:

  1. How this Notice applies to your personal data,

  2. How to exercise your legal rights in accordance with relevant data protection regulations, or

  3. How to request access, correction, or deletion of your personal data may be directed to us at privacy@inaltay.com.

For the purposes of data protection legislation, Inaltay may act as a data controller in respect of personal data processed in connection with client representation and legal services.

This Notice is subject to the data protection laws of the jurisdictions in which we operate. Personal data collected, held, or otherwise processed by Inaltay may be stored in Türkiye or abroad, including jurisdictions that may not offer data protection standards equivalent to those in your place of residence. In such cases, appropriate safeguards will be implemented to ensure the lawful and secure processing of such data.

Personal Data We Collect

In the course of our legal, administrative, and business operations, İnaltay Eminent Legal Consultancy collects and processes the following categories of personal data, subject to the applicable provisions of the Law No. 6698 on the Protection of Personal Data (KVKK) and the General Data Protection Regulation (GDPR), where relevant:

  • Identification Information

Includes name, surname, national identification or passport number, date of birth, professional title, and function.

  • Contact Information

Includes your telephone number(s), email address, mailing address, and other communication preferences.

  • Billing, Financial and Payment Data

Includes invoicing information, bank account or IBAN details, payment records, and other data required for processing payments, verifying transactions, and detecting/preventing fraud.

  • Event and Marketing Data

Includes your preferences regarding communications and events, subscription status, download history, dietary requirements (where disclosed), and other information shared through mailing lists or event registration. Such data may incidentally reveal special categories of personal data (e.g., health or religion), which are processed only where legally justified.

  • Compliance and Onboarding Data

Includes data processed for “Know Your Client” (KYC), anti-money laundering (AML), conflict checks, and other regulatory or ethical obligations. This may include copies of identity documents, signature samples, and due diligence records.

  • Technical and Website Data

Includes IP address, browser type and version, device specifications, time zone settings, operating system, plug-ins, and other analytics gathered through your interaction with our website (www.inaltay.com). For more information, please refer to our [Cookie Policy].

  • Audio, Visual and Security Data

Includes video surveillance (CCTV) footage, photographs taken during in-office visits or events, and similar data captured through security systems.

  • Physical Access Data

Includes records related to your entry into and movement within our physical offices, in accordance with our building security protocols.

  • Recruitment Data

Includes CVs, cover letters, educational background, professional experience, references, and any additional information provided by you or third parties (e.g. recruiters, universities, legal directories) in connection with employment applications.

  • Sensitive or Regulated Personal Data

In the course of your relationship with us, we may collect and process certain sensitive or regulated personal data or information that is protected under applicable law relating to you when relevant to providing our legal services (this could include information about racial and ethnic backgrounds, gender, marital status, political opinions, religious beliefs, union membership, physical or mental health, information regarding sexual orientation and background or details of criminal offenses, or biometric data, depending on the specific definition and scope of sensitive or regulated personal data under relevant applicable law). We only process sensitive personal data for necessary purposes and such processing activities will not negatively impact your legitimate interests and/or rights.

Any other personal data that you provide to us relevant to the provision or receipt of services, including in relation to any of your employees, customers or vendors.

We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our personnel, clients, advisers, partners, and agents, third parties with whom we interact and publicly available sources.

  • Additional Information Provided Voluntarily

We may also process any other personal data you provide to us that is relevant to the establishment, performance, or termination of a professional relationship — including, where applicable, information relating to your clients, suppliers, or employees.

  • Data Sources and Data Subjects

We collect personal data directly from you, as well as from: Clients, counterparties, and their legal representatives, regulatory or administrative authorities, publicly available sources and databases (e.g., trade registries), third-party service providers, business partners, or legal advisors, website and email interactions, law schools, recruitment platforms, and referees

  • Data subjects whose information may be collected and processed include:

    • Current and prospective clients and their employees

    • Job applicants and interns

    • Our suppliers, consultants, and business partners

    • Participants in our legal events, seminars, or mailing lists

    • Third parties involved in client transactions (e.g., opposing counsel, business targets)

    • Visitors to our physical premises and website

Sources of Personal Data

We obtain personal data from a number of sources, including through our website (including website analytics, see Cookies and Similar Technology below), online questionnaires and forms, and other information provided directly to us, including by email or in conversation with our lawyers, legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above, as well as directly from you. In addition, we obtain personal data from third-party sources, such as our clients, other law firms, service providers, and governmental entities.

Information About Other People: If you provide information to us about any person other than yourself, such as your employees, suppliers, shareholders or directors, you must ensure that they understand how their information will be used and disclosed, and that you have lawful grounds to disclose it with us, or that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use and disclose it as set forth above.

Processing of Personal Data

The laws in certain jurisdictions require companies to disclose the legal ground they rely on to use, process or disclose personal data. To the extent those laws apply, our legal grounds are as follows.

We process the personal data referred to above for the following purposes and on the below legal bases:

  • We use identification information, contact information, job applicant data, billing, financial and payment data, and legal and regulatory compliance data to fulfil a contract, or take steps linked to a contract, including:

    • providing legal services to our clients;

    • verifying your identity;

    • processing payments from you; and

    • communicating with you regarding the legal services provided.

  • We use identification information, contact information, billing, financial and payment data, job applicant data, event registration or mailing list data, legal and regulatory compliance data, technical information, physical access data and sensitive or regulated personal data as required to conduct our business and pursue our legitimate interests, in particular:

    • providing legal services to our clients, and responding to any comments, feedback or complaints they may send us;

    • promoting our services to clients and potential clients, advising them of news and industry updates, and hosting or administering events;

    • monitoring use of our website, to help us improve and protect our services and website, both online and offline;

    • protecting the security of and managing access to our physical premises;

    • investigating any complaints about our website or our services; and

    • in connection with legal claims, and for compliance, regulatory and investigative purposes.

  • Where necessary, we use identification information, contact information, job applicant data, event registration or mailing list data and technical information on the basis of your consent:

    • to send you direct marketing in relation to our services;

    • to use cookies and similar technologies in accordance with the information below and the information provided to you as to when those technologies are used; and

    • to use personal data that you give us for the purpose we explain at the time you give us such consent.

  • We use identification information, contact information, billing, financial and payment data, legal and regulatory compliance data, technical information, physical access data and sensitive or regulated personal data for other purposes to comply with applicable laws in the local jurisdictions where we operate, regulations, subpoenas, legal process, governmental investigations or inquiries, including:​

    • as necessary or appropriate to protect the rights, property, security, and safety of us, our employees, our consumers, our information systems, and the public; and

    • to cooperate with government or law enforcement authorities conducting an investigation.

    • undertaking compliance checks on current and potential clients and other third parties as part of our legal, regulatory and professional obligations (including anti-money laundering obligations);

  • To the extent permitted under applicable law, we use job applicant data in order to take the necessary steps at the request of the job applicant in the context of recruitment prior to entering into a contract or other employment relationship (and, as necessary to comply with legal, regulatory and corporate governance requirements related to our hiring and personnel):

    • to screen identify and evaluate candidates for positions;

    • record-keeping related to the hiring process;

    • analyzing the hiring process and outcomes; and

    • conducting background checks.

Please note that if you are hired by Inaltay, this data will be transferred to our employee records for the purposes of your employment and subject to our policies with respect to the processing of employee data, which will be provided to you upon the commencement of your employment.

We may also use personal data we collect for other purposes that do not conflict with the purposes listed above, to the extent permitted by applicable law.   

In certain circumstances, we will not be able to provide legal services to clients or continue our relationship with you if we are not provided with all relevant personal data.

Marketing Communications

Withdrawing Consent

We may contact you with information about services or events that might be of interest to you. Where necessary in compliance with applicable law, at the time that you provide your personal data to us, you will be given the opportunity to indicate whether or not you agree for us to use your personal data to tell you about such services and events.

You will always be able to withdraw your consent to allow us to process your personal data, although we may still have other legal grounds for processing your data, such as those set out above. In some cases, we are able to send you marketing materials without your prior consent, where we rely on our legitimate interests, but you have an absolute right to opt-out of receiving future marketing materials at any time.

 

You can do this by following the instructions in the email communication you receive, or by contacting us at privacy@inaltay.com.

Disclosure of Your Personal Data

We have the right to disclose your personal data with trusted third parties including:

  • Legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above, and each of their associated businesses;

  • Business partners, suppliers and sub-contractors in connection with the performance of any contract we enter into with them or you. We take reasonable steps to ensure that our personnel protect your personal data and are aware of their information security obligations; and

  • Analytics and search engine providers that assist us in the improvement and optimization of our website.

We may also disclose or transfer your personal data to third parties:

  • If we sell or buy any businesses or assets or merge any business into or with that of another person, in which case we may disclose your personal data to the prospective counterparty in such transaction and such data may be one of the assets transferred in such transaction;

  • To comply with applicable laws, regulations, subpoenas, legal process, governmental investigations or inquiries, to cooperate with law enforcement, to assert or defend legal claims, and to protect our and others’ rights, property, or safety, in which case we may disclose data to the appropriate law enforcement, regulatory or government agency or other third party; and

  • For the purposes of crime and fraud prevention and remediation, in which case we may disclose data to law enforcement, regulatory or government agencies, independent regulatory bodies and/or other third party.

We do not disclose any personal data to any person other than as described above.

We do not use or disclose sensitive personal data for purposes other than those listed above.

To learn more about the specifics of our disclosure of personal data with third parties under applicable law, please contact us at privacy@inaltay.com to request such information.

Transfers of Personal Data

Att. Egemen Inaltay may transfer personal data to third-party service providers located abroad, where necessary for the performance of its legal services or the operation of its information systems. Such transfers are carried out in accordance with applicable data protection laws and only where it is lawful, limited in scope, and necessary for the intended purpose.

Where the destination country does not offer an equivalent level of data protection, personal data is transferred based on valid legal grounds including the explicit consent of the data subject or through the implementation of appropriate contractual and technical safeguards that ensure the data is adequately protected during and after the transfer process.

Where the destination country does not ensure an equivalent level of data protection, we rely on either the explicit consent of the data subject or implement appropriate safeguards, such as binding contractual commitments and technical security measures, to ensure that personal data is processed lawfully and securely.

As part of our service infrastructure, we make use of cloud-based tools and service providers, including those offered by Google LLC (such as Gmail, Google Workspace, Google Drive, and Google Analytics). These services may involve the processing or storage of personal data on servers located outside of Türkiye.

We take all reasonable and necessary steps to ensure that such transfers are conducted in a manner that protects the confidentiality and integrity of the data, including:

  • Executing data processing agreements with our service providers,

  • Ensuring encryption of data in transit and at rest,

  • Implementing access controls and two-step authentication,

  • Limiting transfers strictly to what is necessary and proportionate.

No personal data is transferred internationally unless it is necessary for our legitimate operational or legal purposes and only where lawful safeguards are in place.

Should you wish to receive more detailed information regarding our international data transfer practices or the specific measures we apply, you may contact us at privacy@inaltay.com.

Your Rights

Depending on your country of residence, you may have certain rights regarding the processing, use, and disclosure of your personal data by İnaltay Eminent Legal Consultancy. Please be aware that certain legal exceptions may apply, and we may not be able to fulfil a request if, for example, it would result in disclosing another individual’s personal data or if we are legally prohibited from doing so.

Access

You may have the right to request a copy of the personal data we hold about you and to access that information.

Accuracy

While we aim to keep your personal data accurate, complete, and up to date, you have the right to request correction of any inaccurate or outdated information. We encourage you to contact us if your personal information changes.

Objection / Deletion

You may have the right to object to the processing of your personal data and to request that it be deleted, blocked, or restricted—subject to legal limitations. Once your request is received and your identity is verified, we will delete (and where applicable, instruct our service providers to delete) your personal data and/or restrict processing, unless a legal exception applies.

Portability

You may have the right to request that your personal data be delivered to you or another data controller in a structured, commonly used, and machine-readable format.

Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time. This withdrawal will not affect the lawfulness of any processing conducted prior to its withdrawal. In some cases, you may also request that we delete data previously processed on the basis of your consent.

Confirmation

You may request confirmation from us as to whether your personal data is currently being processed.

Disclosure of Transfers

Where applicable, you may request information regarding the public or private entities with whom we have shared your personal data.

To exercise any of the above rights, please contact us at:

📧 privacy@inaltay.com

We may require sufficient information to confirm your identity or that you are legally authorized to act on behalf of the data subject. Your request should contain adequate detail to allow us to properly assess and respond to it.

Please note that:

  • You are not required to create an account to submit a request.

  • We will only use the personal data provided in connection with your request to verify your identity or authority.

If the above requirements are not fulfilled, we may not be able to respond or provide access to your data.

 

If you believe your data protection rights have been infringed, you may have the right to lodge a complaint with the relevant supervisory authority.

Depending on your jurisdiction, you may contact:

  • The Turkish Personal Data Protection Authority (KVKK)

  • The relevant data protection authority in an EU Member State

How Long We Keep Your Personal Data

At İnaltay Eminent Legal Consultancy, we retain personal data for as long as necessary to fulfil the purposes for which it was collected, including the provision of legal services, the conduct of internal operations, and compliance with applicable legal obligations. Personal data may be deleted upon receipt of a valid request for erasure. In certain circumstances, we may also retain personal data in an anonymized or aggregated format that no longer identifies any individual, solely for statistical or analytical purposes.

The retention period for personal data is determined by assessing the volume, nature, and sensitivity of the data, the potential risk of unauthorized access or disclosure, the purposes for which the data is processed, and any relevant legal or regulatory requirements.

Where personal data is processed based on your explicit consent or for marketing purposes, it is retained until you withdraw your consent or request that we cease such communications. Following such a request, we may retain a record of your preference for a limited period in order to ensure that your request is fully implemented and respected in the future.

Security of Your Personal Data

We protect all personal data we process by implementing appropriate technical and organizational measures to safeguard such information against unauthorized and unlawful processing or accidental loss, destruction or damage. Among other measures, we store personal data in our possession in a secure operating environment or in physical files whose access is restricted to authorized persons only.

 

Although we adopt security measures in all areas compatible with the nature of the personal data that we process and in line with the best practices available in the market, no electronic data processing is entirely safe from technical failures or possible malicious actions by third parties. We constantly evaluate our security measures and update them as necessary in order to keep in line with best

Cookies and Similar Technologies

What are they?

Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies are also used which are similar to cookies. This can include pixel tags and tracking URLs.

All these technologies are together referred to in this Policy as “Cookies”. Please note that if you delete or disable Cookies from us, you may not be able to access certain areas or features of our website.

How do we use Cookies?

The types of Cookie that we use on our website, and the purposes for which they are used, are set out below:

  • Strictly necessary Cookies:

    • These Cookies are essential to enable you to move around our website and use its features, such as accessing secure areas. Without these Cookies, any services on our website you wish to access cannot be provided.

  • Analytical/performance Cookies:

    • These Cookies collect information about how you and other visitors use our website, for instance, which pages you go to most often, and if you get error messages from web pages. We use data from these Cookies to help test designs and to ensure that a consistent look and feel is maintained on your visit to the website. All information these Cookies collect is aggregated and is used only to improve how a website works.​

    • We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to track our website usage and activity anonymously. Google Analytics uses Cookies, and the information generated by such Cookies about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing to us other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of Cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (Cookies and IP address) by downloading and installing the browser plug-in available under: https://tools.google.com/dlpage/gaoptout?hl=en-GBM

    • Further information concerning the terms and conditions of use and data privacy can be found at:

  • Functionality Cookies: 

    • These Cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for, such as watching a video. Additionally, these Cookies can be used to allow an optional service to function. The information these Cookies collect may be anonymized and these Cookies cannot track your browsing activity on other websites.

  • Pixel tags:

    • These are also known as a clear GIF or web beacon. These are invisible tags placed on certain pages of our website but not on your computer. When you access these pages, pixel tags generate a generic notice of that visit. They usually work in conjunction with Cookies, registering when a particular device visits a particular page. If you turn off Cookies, the pixel tag will simply detect an anonymous website visit.

  • Tracking URLs:

    • These are used to determine from which referring website our website is accessed.

What cookies do we use?

The specific Cookies used on our website are as follows:

Category                   Cookie Name          Retention Period                Provider

Analytical             

If you do not want to accept any non-essential Cookies, or only want to allow the use of certain Cookies, you can update your cookie settings at any time by refreshing your browser history and rejecting the placement of Cookies on our website. You can also use your browser settings to withdraw your consent to our use of Cookies at any time and delete Cookies that have already been set.

Do Not Track

We do not track visitors of the website over time and/or across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (“DNT”) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser allows you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. You should consult the help pages of your browser to learn how to set your preferences so that websites do not track you.

Changes to our Privacy Notice

Any changes we may make to our Notice in the future will be posted on this page and/or, where required by law or regulation, notified to you by e-mail.

Governing Law and Jurisdiction

To the extent required by applicable data protection legislation (including the Turkish Personal Data Protection Law No. 6698, the EU General Data Protection Regulation – GDPR, and other relevant regulations), this Notice shall be governed by the laws of the applicable jurisdiction, and any disputes arising out of or in connection with this Notice shall be resolved by the competent courts of that jurisdiction.

In all other cases, this Notice shall be governed by the laws of the Republic of Türkiye, and any disputes arising from or relating to this Notice shall be subject to the exclusive jurisdiction of the courts and enforcement offices of Istanbul (Çağlayan) Courthouse.

If any provision of this Notice is held to be invalid or unenforceable, such provision shall be modified only to the extent necessary to make it valid and enforceable, and all remaining provisions shall remain in full force and effect.

Contact Us

If you have any questions or comments regarding this Notice, you may contact us through the following channels:

INALTAY Law Office
Attn: Data Controller
UETS: 15985-89464-56505
Email: privacy@inaltay.com

İNALTAY

Emınent Legal Consultancy

who we are

our culture

If you would like to learn more about our team and the specific services we offer, please feel free to contact us. We are dedicated to providing you with the information you need and are here to assist you with any inquiries.

contact us

what we do

blog

contact us 

subscribe

accesibility

term of use

site map

privacy

disclaimers

cookie settings

Türkiye

© 2024 İnaltay Law Firm. All rights reserved.

  • LinkedIn
  • Instagram
bottom of page