Privacy Notice

Your personal data may be processed by BTS Digital Teknoloji Çözümleri Anonim Şirketi (“BTS”) as the data controller in accordance with the Personal Data Protection Law No. 6698 (“Law”) within the scope specified below.

Method and Types of Collection of Personal Data

Based on your relationship with, your personal data may be collected directly from you or from our clients (e.g. your employer company), suppliers, public authorities and publicly available sources. Personal data types that we may collect through these channels can be summarized as follows:

Category of Personal Data
Personal Data
Identity data
Name, surname
Contact data
Phone number, mail address, e-mail address and contact details
Client service data
Personal data relating to clients or data received from clients, third parties, invoicing details and payment history, and client feedback details
Risk management data
Government identifiers, passports, or other identification documents, AML/CTF screening records
Device data
IP address, unique device identifier, other data linked to a device, and data about usage of our website

Processing Purposes of Personal Data and Applicable Legal Grounds

Your personal data may be processed by BTS for the following purposes and legal grounds, based on the personal data processing conditions specified in Article 5 of the Law.

Category of Personal Data
Processing Purposes of Personal Data
Legal Grounds
Identity data, contact data, client service data and device data
  • To register you or your organization as a client of ours
  • To provide and administer services or solutions, as instructed by you or your organization;
  • Based on the legal ground that processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract
  • Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
    • Identity data, contact, client service data, and device data
  • To manage our business operations (including analyzing and improving our services and communications with our clients and to monitor compliance with our policies and standards)
  • To operate our business relations with our clients
  • To manage billing and payments operations
  • Based on the legal ground that processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract
  • Based on the legal ground that processing of personal data is necessary for compliance with a legal obligation to which the data controller is subject to
  • Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
    • Identity data, contact data, risk management, and device data
  • To ensure the security and effectiveness of our website and information technology systems
  • To protect the security of our technical infrastructure and communications to prevent and detect security threats, frauds or other criminal or malicious activities;
  • Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
    • Identity data, contact data, risk management and device data
  • To ensure compliance (e.g. with anti-money laundering and countering financing of terrorism regulations, trade sanctions and embargo laws)
  • To comply with our legal obligations concerning record retention (including those arising from Law no. 5651 and tax regulations)
  • Based on the legal ground that the processing is expressly provided for by the laws and is necessary for compliance with a legal obligation to which the data controller is subject to,

    • Recipient Parties and Purposes for Transferring Personal Data

    Your personal data may be transferred pursuant to the data processing conditions stipulated in Article 5 of the Law and in accordance with the rules regarding the transfer of personal data specified in Articles 8.

    Recipient Parties
    Purposes for Transferring
  • Our business associates (This refers to global law firms and business associates with whom BTS Digital cooperates.)
  • To provide you with services and to manage our relationship with you
  • Our suppliers and service providers (This refers infrastructure and IT services providers, and providers of account systems and HR systems or third-party counsels. It also includes mediators, experts, or other legal specialists such as translators, couriers or other necessary entities)
  • To manage our business operations
  • Our client (if we have collected your data through providing services to any of our clients)
  • Where permitted by law to others to provide those services
  • Companies providing services for anti-money laundering and countering financing of terrorism regulations, trade sanctions and embargo laws and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared
  • To ensure compliance
  • Courts, law enforcement authorities, regulators, government officials or attorneys or other parties
  • To establish, exercise or defence of a legal claim, or for the purposes of a confidential alternative dispute resolution process
  • Legally authorized public institutions and legally authorized private institutions
  • To fulfil our obligations arising from the legislation

    • Data Subject’s Rights Specified under Article 11 of the Law

    Data subjects are entitled to the below-listed rights under Article 11 of the Law:

    • Learn whether data relating to him/her are being processed;
    • Request further information if personal data relating to him have been processed;
    • Learn the purpose of the processing of personal data and whether data are being processed in compliance with such purpose;
    • Learn the third-party recipients to whom the data are disclosed within the country or abroad,
    • Request rectification of the processed personal data which is incomplete or inaccurate and request such process to be notified to third persons to whom personal data is transferred.
    • Request erasure or destruction of data in the event that the data is no longer necessary in relation to the purpose for which the personal data was collected, despite being processed in line with the Law no. 6698 and other applicable laws and request such process to be notified to third persons to whom personal data is transferred.
    • Object to negative consequences about him/her that are concluded as a result of analysis of the processed personal data by solely automatic means,
    • Demand compensation for the damages he/she has suffered as a result of an unlawful processing operation.

    In case requests relating to the aforementioned rights are conveyed to BTS via Esentepe Mah. 23 Temmuz Sok. No:2/1 34394 Şişli/İstanbul – Türkiye or other methods as specified in Communiqué On The Principles And Procedures For The Request To Data Controller such requests shall be evaluated within thirty days. In principle, the requests shall be concluded free of charge. However, BTS reserves its right to demand a fee from the tariff specifies by the Data Protection Board.