GDPR Compliance

GDPR Compliance Statement

At Qunosuy Real Estate, we are committed to protecting your personal data and ensuring compliance with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR).

This page outlines how we comply with GDPR requirements and how we handle your personal information. We believe in transparency and are dedicated to safeguarding your privacy rights while providing you with exceptional real estate services.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union. It gives individuals greater control over their personal data and regulates how organizations collect, process, store, and transfer personal information.

Even though we are based in Turkey, we adhere to GDPR principles as we serve clients from the European Union and believe in maintaining high standards of data protection for all our clients worldwide.

Key GDPR Principles We Follow:

• Lawfulness, fairness, and transparency - We process personal data lawfully, fairly, and in a transparent manner.
• Purpose limitation - We collect personal data only for specified, explicit, and legitimate purposes.
• Data minimization - We limit the collection of personal data to what is necessary for our stated purposes.
• Accuracy - We maintain accurate and up-to-date personal data.
• Storage limitation - We store personal data only for as long as necessary for our stated purposes.
• Integrity and confidentiality - We process personal data securely to protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
• Accountability - We take responsibility for how we collect, use, and protect your data.

Your Rights Under GDPR

Under the GDPR, you have several important rights regarding your personal data. As a Qunosuy client or website visitor, you can exercise the following rights:

Right	What It Means
Right to be informed	You have the right to know how we collect and use your personal data, which we outline in our Privacy Policy.
Right of access	You can request a copy of your personal data that we hold.
Right to rectification	You can request that we correct any inaccurate or incomplete personal data.
Right to erasure	Also known as the 'right to be forgotten', you can request that we delete your personal data in certain circumstances.
Right to restrict processing	You can request that we limit how we use your personal data.
Right to data portability	You can request to receive your personal data in a structured, commonly used, and machine-readable format.
Right to object	You can object to our processing of your personal data for direct marketing or based on our legitimate interests.
Rights related to automated decision-making	You have rights regarding automated decisions that significantly affect you.

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided at the bottom of this page.

How We Collect and Process Your Data

Data Collection

We collect personal data through the following channels:

• Information you provide when you contact us through our website
• Information you share during consultations and property viewings
• Information required for property transactions and contracts
• Cookies and analytics used on our website (as detailed in our Cookie Policy)

Legal Basis for Processing

Under GDPR, we process your personal data based on one or more of the following legal grounds:

• Consent - When you have explicitly agreed to us using your personal data for a specific purpose.
• Contractual necessity - When we need to process your data to fulfill our contractual obligations to you.
• Legal obligation - When we need to process your data to comply with the law.
• Legitimate interests - When processing is necessary for our legitimate business interests in ways that don't override your rights and freedoms.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Once your personal data is no longer required, we will securely delete or anonymize it.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data during transmission and storage
• Regular testing and evaluation of the effectiveness of our security measures
• Strict access controls and authentication procedures
• Regular staff training on data protection and security
• Comprehensive data breach procedures
• Careful selection of third-party processors with appropriate security guarantees

Data Breach Notification

In the unlikely event of a data breach that might pose a risk to your rights and freedoms, we will notify relevant supervisory authorities within 72 hours of becoming aware of the breach, where feasible. We will also notify affected individuals without undue delay when there is a high risk to their rights and freedoms.

International Data Transfers

As a real estate company operating in Turkey and serving international clients, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your personal data, such as:

• Standard contractual clauses approved by the European Commission
• Binding corporate rules for transfers within our corporate group
• Adequacy decisions by the European Commission recognizing that a non-EEA country provides adequate protection

We will not transfer your personal data to a third country or international organization without ensuring at least one of these safeguards is in place.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with data protection laws. If you have any questions about how we handle your personal data or if you wish to exercise any of your rights under GDPR, you can contact our DPO at: