ISO/IEC 27701 Privacy Information Management System (PIMS)
Our organization has established the MKK Privacy Information Management System (PIMS) to ensure personal data privacy and security in integration with the ISO/IEC 27001 Information Security Management System. This system is based on international best practices and standards, primarily the Personal Data Protection Law (KVKK) and the European Union General Data Protection Regulation (GDPR). As a result of successful audits carried out by internationally accredited independent auditing organizations in 2023, the TÜRKAK accredited ISO/IEC 27701 Privacy Information Management System (PIMS) Certificate was obtained and the validity period of the certificate continues until May 2026.
Protection of Personal Data
Data Controller
In accordance with the Law on the Protection of Personal Data No. 6698 (KVKK), your personal data may be recorded, stored, updated, disclosed/transferred to third parties where permitted by legislation, classified, and processed as specified by the KVKK by our organization as the Data Controller.
Purpose of Processing Personal Data
Personal data is processed for the following purposes and legal reasons:
- Fulfilling our organization’s legal obligations under the Capital Markets Law and other applicable regulations.
- Providing services based on user preferences.
- Recording and verifying identity, address, and other necessary information for transactions.
- Maintaining and managing records and documents required in electronic or paper format.
- Complying with legal obligations related to information storage, reporting, and disclosure as required by regulatory authorities, including the Capital Markets Board.
Transfer of Personal Data
Your personal data will be kept confidential and will not be shared with any third party, except for those legally authorized to obtain such information. Your personal data may only be shared with our members if you provide explicit consent.
Collection of Personal Data
Personal data is collected in written or electronic format within the scope of the services provided by our organization.
Explicit Consent Management
Where required by law, explicit consent is obtained from the data owner using legal methods defined by our organization.
Rights of the Data Subject
Pursuant to Article 11 of KVKK, data subjects have the right to:
a) Learn whether their personal data has been processed,
b) Request information if their personal data has been processed,
c) Learn the purpose of data processing and whether it has been used accordingly,
d) Identify third parties to whom their personal data has been transferred domestically or internationally,
e) Request correction of incomplete or inaccurate personal data,
f) Request deletion or destruction of personal data under the conditions set forth in Article 7,
g) Request notification of rectification, deletion, or destruction of personal data to third parties to whom the data has been transferred,
h) Object to data processing that results in adverse consequences for the data subject,
i) Request compensation for damages arising from unlawful processing of personal data.
For more details, please refer to the MKK KVKK Policy at https://www.mkk.com.tr/kisisel-verilerin-korunmasi.
Submitting Requests Related to Personal Data
Data subjects may submit their requests regarding personal data rights free of charge by following these steps:
1.Complete the "Application Form for Requests to the Data Controller under KVKK" available at www.mkk.com.tr.
2.Submit the signed form in person to the MKK address at: Reşitpaşa Mahallesi, Borsa Caddesi No:4, 34467 Sarıyer/İstanbul.
3.Send the completed form via notary to the same address.
4.Third parties cannot submit requests on behalf of data subjects unless they provide an original notarized power of attorney.
5.If the request involves a processing fee, the applicable fee must be paid as per the tariff set by the Personal Data Protection Board. Requests without the required payment will not be processed.
