PDPL

Under the PDPL, your personal data may be processed by MCT Law Office acting as the data controller. This notice relates to personal data that may be processed in connection with legal services, human resources processes, corporate communications, and the use of our website.

Depending on the nature of the relationship, identity data, contact data, professional information, financial information, case / dispute-related information, transaction security data, and where necessary, special category personal data may be processed.

Your personal data may be processed for the provision of advocacy and legal consultancy services, management of files and dispute processes, response to contact requests, administration of appointment and application workflows, operation of human resources processes, performance of accounting and finance tasks, and ensuring information security and business continuity.

Data may also be used to fulfill statutory retention, notification, evidence, and reporting obligations, to keep records accurate and up to date, to prevent possible loss of rights, and to manage system and physical security controls.

Your personal data may be transferred to the extent required by the processing purpose and within the framework permitted by the applicable legislation. The categories of recipients may vary depending on the nature of the legal work, statutory obligations, and operational needs.

Your personal data may be collected verbally, in writing, or electronically through in-person meetings, phone calls, email correspondence, website forms, physical document delivery, corporate application channels, and where necessary, official correspondence.

Processing activities may rely on the legal grounds of explicit legal provision, necessity for compliance with a legal obligation, necessity for the establishment, exercise, or protection of a right, necessity directly related to the formation or performance of a contract, legitimate interest, and where required by applicable law, explicit consent.

Your personal data is retained for the periods required under the applicable legislation and for the reasonable duration necessary for the relevant processing purpose. Once the retention period expires, data is deleted, destroyed, or anonymized in accordance with the law.

Technical and administrative safeguards are implemented to keep data accurate and up to date, to protect against unauthorized access, and to reduce the risks of loss, destruction, and alteration. However, as with all digital systems, absolute security cannot be guaranteed; therefore, we recommend that you share only data that is necessary and proportionate.

As a data subject, you have the right under Article 11 of the PDPL to learn whether your personal data is processed, request information if it has been processed, learn the purpose of processing and whether it is used in accordance with that purpose, know the third parties to whom the data is transferred, request correction of incomplete or inaccurate data, request deletion or destruction where conditions are met, object to adverse outcomes arising exclusively from automated processing, and request compensation if you suffer damage due to unlawful processing.

Your applications will be evaluated under the relevant rules governing applications to data controllers. Depending on the nature of the request, identity verification may be required, and a response will be provided within the statutory period.