Data Processing Agreement Compliant with KVKK and GDPR

DATA PROCESSING AGREEMENT COMPLIANT WITH PERSONAL DATA PROTECTION (KVKK & GDPR)

PARTIES This
: On one side, ……………………………, operating at …………………………… address, registered with the …………………………… Trade Registry under registration number ……………, and liable to the …………………………… Tax Office and tax number …………………………… (“DATA CONTROLLER”), and
on the other side, ……………………………, operating at …………………………… address, registered with the …………………………… Trade Registry under registration number ……………, and liable to the …………………………… Tax Office and tax number …………………………… (“DATA PROCESSOR”),
under the following terms and conditions.

ARTICLE 1 – SUBJECT OF THE AGREEMENT

The subject of this agreement is the regulation of the procedures and principles regarding the processing of personal data by the Data Processor on behalf of the Data Controller, in accordance with the Law No. 6698 on the Protection of Personal Data (KVKK) and the European Union General Data Protection Regulation (GDPR) .

ARTICLE 2 – DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person.
Special Categories of Personal Data: Sensitive data such as health information, biometric data, religion, and political opinions.
Data Controller: The party that determines the purposes and means of processing personal data.
Data Processor: The party that processes personal data on behalf of the Data Controller.

ARTICLE 3 – OBLIGATIONS OF THE DATA PROCESSOR

3.1. The Data Processor shall process personal data only in accordance with the written instructions of the Data Controller.
3.2. The Data Processor is obliged to take the necessary technical and administrative measures for the security of the data.
3.3. The Data Processor may not transfer, copy, or use personal data for purposes other than those intended.
3.4. The Data Processor shall immediately inform the Data Controller in the event of a data breach.

ARTICLE 4 – OBLIGATIONS OF THE DATA CONTROLLER

4.1. The Data Controller is obliged to obtain the necessary legal basis and explicit consents for the processing of personal data.
4.2. The Data Controller is responsible for the accuracy and timeliness of the processed data.
4.3. The Data Controller provides the necessary support to the Data Processor to fulfill its obligations.

ARTICLE 5 – STORAGE AND DESTRUCTION OF DATA

5.1. Personal data will be deleted, destroyed, or anonymized upon the instruction of the Data Controller if the purpose of processing ceases to exist.
5.2. The Data Processor undertakes not to retain data after the termination of the contract.
5.3. Retention periods and methods will be determined in accordance with the KVKK (Personal Data Protection Law) and GDPR (General Data Protection Regulation).

ARTICLE 6 – RIGHT OF INSPECTION

6.1. The Data Controller has the right to audit the Data Processor's data security measures.
6.2. The Data Processor is obliged to provide all necessary information and documents during the audit.

ARTICLE 7 – TRANSFER OF DATA ABROAD

7.1. Personal data may be transferred abroad in accordance with Article 9 of the KVKK (Law on Protection of Personal Data) and the GDPR.
7.2. For data transfer abroad, the explicit consent of the data subject or the eligibility criteria determined by the Board must be met.

ARTICLE 8 – DURATION AND TERMINATION

8.1. This agreement shall be valid for a period of ……… years.
8.2. If either party breaches its obligations, the other party may terminate the agreement by written notice.
8.3. In case of termination, all processed data shall be returned to the Data Controller or destroyed.

ARTICLE 9 – MISCELLANEOUS PROVISIONS

9.1. This agreement constitutes the sole and final agreement between the parties.
9.2. Unless either party notifies the other party in writing of any change of address, notifications sent to the existing addresses shall be deemed valid.
9.3. The invalidity of any provision of this agreement shall not affect the other provisions.

ARTICLE 10 – APPLICABLE LAW AND JURISDICTION

Turkish law shall apply to disputes arising from this agreement , and the Central Courts and Enforcement Offices of Istanbul shall have jurisdiction

DATA CONTROLLER DATA PROCESSOR
Name – Signature Name – Signature

YAĞMUR YORULMAZ, LAW FACULTY STUDENT

GDPR compliant contract, personal data protection,GDPR sample contract, GDPR contract, data security, data destruction, data processing contract, data processor, data controller

Single Blog Title

About Post Author

fbchukuk

Leave a Reply Cancel Reply