Privacy & Policy

Privacy & GDPR Compliance Policy

  1. Purpose of Policy

This policy shows how we pick and use personal data about you, comply with

  • the Data Protection Act [1998 OR 2018]
  • the General Data Protection Regulation (GDPR),
  • and any other national implementing laws
  • regulations
  • secondary legislation

Please read the statement carefully to realize our practices about your personal data and how we’ll treat it.

  1. About BPR Consulting

BPR Consulting (we – us – our – ours) is a consultancy company. We are registered in Turkey and our registered address is:

Kızılırmak Mah. 1445 Sok. No: 2 The Paragon B Blok Kat 23/113 Çankaya ANKARA

For the purpose of the Data Protection Legislation and this notice, we’re the data controller that means we are responsible for deciding how we hold and use personal data about you. We’re required under the Data Protection Legislation to inform you of the information contained in this policy.

  1. How we may collect your personal data

We obtain personal data about you, for instance, when:

  • you visit our website, contact us by email, mail, telephone, or social media, or
  • you want a proposal from us about the services we provide;
  • you engage us to provide our services we do and also during the provision of services;
  • from 3rd parties and/or publicly convenient resources
  1. The sort of info that we hold about you

The info we obtain about you may include below:

  • your personal details (name, address etc).
  • details of contact we’ve had with you in relation to the provision, or the proposed provision, of our services
  • details of any services you’ve received from us
  • our communications and correspondence with you
  • info about any enquiries and complaints you make to us
  • info from research, marketing activities and surveys
  • info we receive from other sources, for instance publicly available info,
  • info that is provided by your employer
  1. How we use your personal data that we hold about you

We may process your personal data for purposes required for the performance of our contract with and to comply with our legal obligations.

For the purposes required for the performance of our contract with our clients, we may process your personal data. This may contain processing your personal data where you’re an employee, supplier, subcontractor or customer of our client.

For the purposes of our own legitimate interests provided that those interests do not override any of your own interests, freedoms and rights which oblige the protection of personal data, we may process them. This contains

  • processing for marketing,
  • business development,
  • statistical and management purposes.

We may process your personal data for certain supplement purposes with your approval, and in these restricted circumstances where your approval is necessary for the processing of your personal data then you’ve the right to withdraw your consent to processing for any specific purposes.

Please put down that we may process your personal data for more than one legal basis relying the specific purpose for which we’re using your data.

Circumstances where we’ll use your personal data

We may use your personal data to:

  • carry out our requirement arising from any contracts entered into between you and us – which will most usually be for the provision of our services
  • carry out our obligations arising from any agreements entered into between us and our clients where you may be a subcontractor, customer, supplier of our client
  • provide you with info about our events, our services and activities that you want from us or which we feel may interest you, provided you have consented to be contacted for such purposes
  • seek your opinions and thoughts on our services
  • notify you about any shifts to our services.

In some circumstances we may anonymize the personal data so that it may no longer be related you, in which case we may use data without further inform you.

If you refuse to provide us with determined info when requested, we may not be able to perform the contract we’ve entered into with you. On the other hand, we may be unable to comply with our lawful or regulatory obligations.

We may also process your personal data without your consent or knowledge, according to this policy, where we’re lawfully mandatory or permitted to do so.


We’ll solely retain your personal data for as long as is required to fulfil the purposes for which it is collected.

When assessing what retention period is suitable for your personal data, we consider:

  • the necessities of our business and our services
  • any statutory or legal mandatories
  • the purposes for which we collected the personal data as original
  • the legal grounds on which we based our processing
  • the kinds of personal data that we have collected
  • the number and categories of your personal data
  • whether the purpose of the processing could logically be fulfilled by other means.

Change of purpose

Where we need to use your personal data for alternative reason, other than for the purpose for which we collected it, we’ll solely use your personal data where that reason is matching the original purpose.

Should it be required to use your personal data for unique purpose, we’ll inform you and make contact the lawful basis which lets us to do so before starting any new processing.

  1. Data Sharing

Why might you share my personal data with 3rd parties?

We’ll share your personal data with 3rd parties where mandatory by law, where it’s required to administer the relationship between us or where we’ve another legitimate interest in doing so.

Which 3rd party service providers process my personal data?

“3rd parties” means 3rd-party service providers. The following activities are fulfilled by 3rd-party service providers:

  • IT (and cloud) services
  • administration services
  • bookkeeping
  • payroll services
  • marketing services

All of our 3rd-party service providers are mandatory to take commercially logic and suitable security measures to keep your personal data. We solely permit our 3rd-party service providers to process your personal data for “specified purposes” and according to our instructions.

What about other 3rd parties?

We may share your personal data with other 3rd parties, for instance in the context of the “possible sale or restructuring of the business”. We may also need to share your personal data with a regulator or to otherwise adhere to the law.

  1. Security of data

We’ve put in place commercially logic and convenient security measures to keep your personal data from being unintentionally lost, used or accessed in an unauthorized way, disclosed and altered. Besides that, we limit access to your personal data to those

  • employees,
  • agents,
  • contractors
  • other 3rd parties

who have a business ought to know. They’ll only process your personal data on our instructions and they’re subject to a duty of confidentiality.

We’ve put in place procedures to deal with any doubtful data security violation and we’ll inform you and any applicable regulator of a doubtful breach where we’re required to do so, legally.

  1. Rights of access, erasure, correction and restriction

Your duty to inform us of changes

It is significant that the personal data we keep about you is current and accurate. Should your personal information change, please inform us of any changes of which we need to be made aware by getting in contact with us, using the contact information below.

Your rights in accordance with personal data

Under certain situations, by law you have the right to request;

  • Access to your personal data. This permits you to receive details of the personal data we keep about you and to control that we’re processing it legally.
  • Correction of the personal data that we keep about you.
  • Erasure of your personal data. This permits you to ask us to remove or delete personal data where there is no good reason for us proceeding to process it. You also have the right to ask us to remove or delete your personal data where you’ve exercised your right to object to processing.

In addition, you have the right to object to processing of your personal data where we’re depend on a legitimate interest (or those of a 3rd party) and there is something about your particular situation which makes you need to object to processing on this basis. You also have the right to object where we’re processing your personal information for marketing purposes.

You have right to request the restriction of processing of your personal data. This permits you to ask us to suspend the processing of personal data about you, for instance if you want us to establish its accuracy or the reason for processing it.

You have also right to request “the transfer of your personal data” to another data controller or to you if the processing is rely on consent, carried out by automated means and this is feasible, technically.

If you need to exercise any of the above rights, please email us:

You’ll not have to make payment to access your personal data. But, we may charge a reasonable fee if your request for access is overtly excessive or unfounded. Alternatively, we may deny to comply with the request in such situations.

We may need to want specific info from you to help us confirm your identity and ensure your right to access the info. This is another convenient security measure to make sure that personal information is not disclosed to any person who has no right to receive it.

  1. Right to “withdraw” consent

In the limited situations where you may have provided your approval to the processing, collection and transfer of your personal data for a specific purpose (for instance, in relation to marketing that you’ve indicated you’d like to receive from us), you have the right to “withdraw your consent” for that certain processing whenever you want. Please email us to withdraw your consent:

Once we’ve received notification that you have withdrawn your consent, we’ll no longer process your personal data for the purpose(s) you originally agreed to, unless we have another legitimate basis for doing so, lawfully.

  1. Changes about this policy

Any changes we may make to our privacy policy in the future will be updated on website. This privacy policy was last updated on 20.10.2018.

  1. Contact us

If you have any issue about this policy or if you’d like to speak to us about the meaning we process your personal data, please email to address.

Our contact details:

Kızılırmak Mah. 1445 Sok. No: 2

The Paragon B Blok Kat 23/113

Çankaya ANKARA

Phone: +90 312 258 6484

Fax: +90 312 258 6302