PDPL Clarification Text and Involuntary Assent

PDPL Clarification Text and Involuntary Assent




In accordance with the Law on the Protection of Personal Data No. 6698, with my express consent, I give my consent within the scope of the explanations specified in the Clarification Text, being informed without any hesitation. I consent that the acquisition, recording, storage, updating, periodic checking, rearrangement, classification, the storage of my information for the period required for the purpose for which it is processed or for the period stipulated in the relevant law of my personal and/or private personal data in whole or in part can be processed in case of legal or service-related actual requirements, with GOOD COTTON PRACTICES ASSOCIATION or the legally obliged to public institutions and organizations and/or 3rd party service providers, supplier companies residing in Turkey or abroad, GOOD COTTON PRACTICES ASSOCIATION and/or the sharing of its stakeholders with the cooperating companies, including the transfer abroad.


APPENDIX-1: Good Cotton Practices Association Clarification Text




As the Good Cotton Practices Association (IPUD), the extent to which the personal data we have obtained from our stakeholders can be processed by IPUD in the capacity of Data Controller, also taking into account the issues related to the privacy of private life, in accordance with the Law on Protection of Personal Data No. 6698, is explained below.




In this lighting text;


Personal Data: Any information relating to an identified or identifiable natural person,




Headquarters Address: ITKIB, ITA Tastepe Mevki, Sarıgul Cd. Divan Rezidans yanı, 1421 Sk. No:81 PK: 34303 Halkalı, Gümrük, Küçükçekmece, İstanbul;


Agency address Kultur Mah. Mustafa Munir Birsel Sok. Akademi Apt. B-Blok No:6 D:17 35220 Konak, Izmir, Association established in accordance with the relevant legislation residing at this address,


Data Owner: The user who fills in the forms of activity on his own behalf or in the name of the relevant organization via IPUD's website (www.iyipamuk.org.tr), e-bulletin and/or email/fax/phone means,


Data Processor: The natural or legal person who, on behalf of the data controller and with the controller's permission, processes Personal Data,


Data Controller: represents IPUD.


According to the PDPL, the IPUD legal entity designated as the data controller will evaluate the personal data you share as an addressee, legal person and real person member, donor, supplier/consultant, academic, expert, visitor, funder, training, supported, program and project partner, farmers, and ginners within the scope of the project program, association employee/intern within the scope specified below.




Your personal data is collected electronically or physically. Your personal data collected for fulfilling the obligations stipulated in the Law of Associations and the Association's Bylaws and for legal reasons specified in this Clarification Text can be processed and shared within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law.




Your personal data, within the framework of the personal data processing conditions specified in the Articles 4, 5, and 6 of the Law, is processed in order to benefit from the services offered by IPUD, by the business units, and the execution of the relevant business processes for the purposes of carrying out the necessary studies by the relevant domestic and foreign interlocutors in order to carry out the appropriate activities and conducting the related business processes, planning and executing the business strategies of IPUD and ensuring the legal, technical, and occupational safety of IPUD and the related persons who have a business relationship with IPUD.




Your personal data, within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, the business units to make the necessary work to benefit the persons concerned from the services offered by IPUD and the execution of the relevant business processes, the activities carried out by IPUD in accordance with the purpose and the Regulation of the Association; To carry out the necessary work by the relevant domestic and foreign interlocutors and to carry out the related business processes, to plan and execute IPUD's business strategies and to ensure the legal, technical and occupational safety of IPUD and the relevant persons, institutions and organizations that have a business relationship with IPUD can be shared with IPUD's business partners and suppliers, legally authorized institutions and organizations and legally authorized private law legal entities within the scope of its purposes.




As personal data owners, if you submit your requests regarding your rights stated below to IPUD with the methods specified under the title of Exercise of Rights by Data Owners, your requests will be evaluated and finalized by IPUD as soon as possible and in any case within 30 days. Pursuant to Article 11 of the Law, you have the following rights as a personal data owner:


To learn if your personal data have been processed or not,


To request information regarding the personal data if they are processed,


To learn the purpose of this data processing and whether the data is used for relevant purposes,


To know the third parties to whom your personal data has been transferred inside or outside the country,


To request correction of your personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,


To request the deletion or destruction of your personal data in the event that the reasons requiring its processing no longer exist despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,


To object to consequences to her/his detriment arising from the analysis of the processed data exclusively via automatic systems,


To request compensation for the damage in case of loss due to unlawful processing of personal data.


Paragraph 2 of Article 28 of the Law has listed the cases where data owners do not have the right to demand, and in this context;


When processing personal data is required for the prevention of committing an illegal act or criminal investigation,


When processing personal data publicized by the person concerned,


When processing personal data is required for disciplinary investigation or prosecution and conducting supervisory or regulatory duties by the authorized public institutions and organizations and professional public organizations by the power granted by the law,


When processing personal data is required for protecting the economic and financial interests of the State with regard to budgetary, tax-related, and financial issues.


In such cases, the above-mentioned rights cannot be used for data.


According to paragraph 1 of Article 28 of the Law, since the data will be outside the scope of the Law in the following cases, the requests of data owners will not be processed in terms of these data either:


Processing of personal data by real persons within the scope of activities related to themselves or family members living in the same residence provided that they are not given to third parties and that the obligations regarding data security are complied with.


Processing personal data for purposes such as research, planning, and statistics by making it anonymous with official statistics.


Processing personal data within the context of artistic, historical, literary, or scientific purposes or freedom of speech provided that the personal data does not breach the natural defence, national security, public security, public order, economic security, and confidentiality of private life or personal rights, and does not constitute a crime.


Processing the personal data within the scope of preventive, protective, and intelligence operations executed by state institutions and organizations so authorized by the law to ensure national defence, national security, public safety, public order, or economic security.


Processing the personal data by judicial or enforcement authorities in relation to the investigation, proceedings, litigation, or execution procedures.




Data owners will be able to apply to use the above-mentioned rights.


Applications will be made by one of the following methods, together with documents that will identify the relevant data owner:


Forwarding the wet-signed copy of the written petition to the above-mentioned IPUD Izmir representative office, by hand, via a notary public or by registered letter with return receipt, or sending it to info@iyipamuk.org.tr


Following a method prescribed by the Personal Data Protection Board.


IPUD responds to data owners who want to exercise these rights within the limits set forth in the Law, within a maximum of 30 days, as stipulated in the Law. In order for third parties to request an application on behalf of personal data owners, a special power of attorney issued by the data owner through a notary public on behalf of the person to apply must be present.


As a rule, data owner applications are processed free of charge, but a fee may be charged based on the fee schedule stipulated by the Personal Data Protection Board.


IPUD may request information from the relevant person in order to determine whether the applicant is the owner of personal data, and may ask questions about the application of the personal data owner in order to clarify the issues specified in the application.




If you wish, you can send your application and requests regarding your personal data


 To the IPUD Izmir representative office with a wet signature and a photocopy of your ID,


By applying personally to the IPUD Izmir representative address with a valid identity document,


You can send it to our registered IPUD e-mail address (info@iyipamuk.org.tr) via registered electronic mail (KEP) address and secure electronic signature or mobile signature.


In accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller" published in the Official Gazette dated 10.03.2018 and numbered 30356, it is obligatory to include the name-surname, if the application is written, signature, T.R.  identification number (passport number in case the applicant is foreign), the place of residence or workplace address for notification, the e-mail address for notification, if any, telephone number and fax number, and information on the subject of the request.


The data subject should clearly and comprehensibly state the requested issue in the application, which includes explanations regarding the right to be exercised by the data subject to use the above-mentioned rights. Information and documents related to the application must be attached to the application.


Although the subject of the request must be related to the person of the applicant, if acting on behalf of someone else, the applicant must be specifically authorized in this regard and this authority must be documented (special power of attorney). In addition, the application must include identity and address information, and documents confirming identity must be attached to the application.


Requests made by unauthorized third parties on behalf of someone else will not be considered.


Your claims regarding your personal data are evaluated and answered within 30 days at the latest from the date they reach IPUD. In case your application is evaluated negatively, the reasons for the reasoned refusal will be communicated to you via e-mail or postal mail, if possible, to the address you specified in the application, by the method in which the request was made.


Top of the Form


Bottom of the Form