Personal Data Protection and Processing Policy



Law on Protection of Personal Data No. 6698, published in the Official Gazette dated 7 April 2016 and numbered 29677.

Data Processor

Person who processes personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for technical storage, protection and backup of the data.

Contact Person

The natural person whose personal data is processed.

Data Controller

The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Explicit Consent

Consent on a specific subject, based on information and expressed with free will.


Deletion, destruction or anonymization of personal data.

Recording Environment

Any medium containing personal data that is fully or partially automated or processed non-automatically, provided that it is a part of any data recording system.

Personal Data

Any information relating to an identified or identifiable natural person.

Personal with Special Qualification


Data on people's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data data.

Personal Data


Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system Any operation performed on the data, such as preventing its use or use.

Personal Data

Become Anonymous


Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

Personal Data


Personal datadeletion of; making personal data inaccessible and non-reusable for the relevant users.

No Personal Data


The process of making personal data inaccessible, unrecoverable and unusable by anyone.

Periodic Destruction

The deletion, destruction or anonymization process to be carried out ex officio at repetitive intervals in case all of the conditions for processing personal data in the law are eliminated.


The Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017 and numbered 30224 and entered into force as of 1 January 2018.


Boğaziçi BC Teknoloji Yatırım ve Ticaret Anonim Şirketi.

KVK Board / Board

Personal Data Protection Board.

KVK Institution

Personal Data Protection Authority.


With this Policy, it is aimed to set forth the general principles and principles of the Company regarding the protection and processing of real person data subject to personal data processing activities within the scope of PDPL, and to fulfill the obligations set forth in the legislation regarding these issues.

The purpose of this Policy is to regulate the methods and principles to be followed in order to ensure that the personal data obtained by the Company is processed and protected in accordance with KVKK.


This Policy is implemented in all activities managed by the Company for the processing and protection of personal data.

This Policy applies to all employee candidates, employees, family members of employees, officials, potential customers, employees / partners / officials of potential customers, customers, employees / partners / officials of customers, customers, employees / partners / officials, suppliers, who are contacted during the business processes and activities of the Company. It relates to all processed personal data of suppliers' employees/partners/authorities, users of the domain website (" Site ") and Site visitors.

This Policy is implemented by the Company together with other relevant and detailed data procedures in the activities carried out for the processing and protection of all personal data.


This Policy will be implemented together with the data protection terms set out in the other policies of the Company. The provisions of the relevant legislation in force during the processing and protection of personal data will primarily find application. In case of conflict between the provisions of the legislation and the provisions of the Policy, the Company accepts that the provisions of the current legislation shall prevail.

The Company, as the Data Controller;

  1. a) To prevent unlawful processing of personal data,
  2. b) To prevent unlawful access to personal data,
  3. c) To ensure the protection of personal data,

has to take all necessary technical and administrative measures to ensure the appropriate level of security for its purposes.

The main sources of the Company's obligations regarding the implementation of this Policy regarding data protection are as follows:

  • Law No. 6698 on the Protection of Personal Data
  • Turkish Commercial Code No. 6102
  • Turkish Code of Obligations No. 6098
  • Law No. 6502 on Consumer Protection
  • Social Insurance and General Health Insurance Law No. 5510
  • Law No. 6331 on Occupational Health and Safety
  • Labor Law No. 4857
  • Law No. 5651 on Regulating Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts
  • Law No. 5846 on Intellectual and Artistic Works
  • Industrial Property Law No. 6769
  • Regulation on the Deletion, Destruction or Anonymization of Personal Data