Privacy Policy

Last updated: May 2025

1. About This Policy

This Privacy Policy explains how Mermeroglu Legal collects, uses, stores and shares personal data about individuals who visit our website, contact us or engage our legal services. We are committed to protecting your personal data and handling it in a transparent, lawful and secure manner.

This policy applies to personal data processed in connection with our website at www.mermeroglulegal.com, our business communications and our legal services.

2. Who We Are

Mermeroglu Legal is a Türkiye-based international law practice. For the purposes of applicable data protection legislation, Mermeroglu Legal is the data controller in respect of personal data processed in connection with the provision of legal services and the operation of this website.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly

• Name, surname and professional title
• Email address, telephone number and postal address
• Company name and jurisdiction of establishment
• Details of enquiries submitted via our contact form or by email
• Information provided in the course of instructing or engaging our legal services

Information collected automatically

• IP address and browser type
• Pages visited on our website and duration of visits
• Referring URLs and device information
• Cookie identifiers (see Section 10)

Information from third parties

• Business contact details obtained through referrals, events or professional directories
• Publicly available information relevant to the provision of legal services

4. How We Use Your Personal Data

We use personal data for the following purposes:

• Responding to enquiries and providing information about our services
• Establishing and managing client relationships and legal engagements
• Performing legal services and fulfilling our professional obligations
• Complying with legal, regulatory and ethical requirements applicable to legal practitioners
• Conducting conflict-of-interest checks
• Sending legal updates, newsletters and event invitations where you have consented or where we have a legitimate interest
• Improving our website and understanding how visitors use it
• Managing our business operations, including invoicing and record-keeping

5. Legal Basis for Processing

We process personal data on the following legal bases under applicable data protection law (including the Turkish Personal Data Protection Law No. 6698 (KVKK) and, where applicable, the EU General Data Protection Regulation (GDPR)):

• Performance of a contract: where processing is necessary to provide legal services or to take steps at your request prior to entering a contract.
• Legal obligation: where processing is required to comply with legal and regulatory requirements applicable to legal practitioners.
• Legitimate interests: where processing is necessary for our legitimate business interests, including business development, security and the improvement of our services, provided that your interests do not override ours.
• Consent: where you have given explicit consent, such as subscribing to legal updates or newsletters. You may withdraw consent at any time.

6. Sharing Your Personal Data

We do not sell or rent personal data to third parties. We may share personal data in the following circumstances:

• Alliance law firms and advisors: with foreign law firms, patent attorneys and tax advisors forming part of our international legal alliances, where necessary to provide coordinated legal services.
• Service providers: with trusted third-party providers (including IT systems, cloud hosting and communications services) who process data on our behalf under appropriate data processing agreements.
• Regulatory and legal authorities: where we are required to disclose data by law, court order or regulatory authority, including bar association obligations and anti-money laundering compliance.
• Professional advisors: including auditors and insurers in connection with our professional indemnity obligations.

7. International Transfers

Given the international nature of our practice, personal data may be transferred to and processed in countries outside Türkiye and the European Economic Area (EEA), including jurisdictions where Mermeroglu Legal operates country desks or maintains legal alliances.

Where personal data is transferred internationally, we apply appropriate safeguards, including standard contractual clauses, adequacy decisions or other mechanisms recognised under applicable law, to ensure that your data receives an equivalent level of protection.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory and professional obligations.

For client matters, we generally retain files for a period of ten (10) years from the conclusion of the matter, unless a longer retention period is required by applicable law or professional rules. Website usage data is retained for shorter periods in line with our cookie and analytics policy.

When personal data is no longer required, it is securely deleted or anonymised.

9. Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

• Right of access: to obtain a copy of the personal data we hold about you.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of your personal data in certain circumstances.
• Right to restriction: to request that we limit processing of your data in certain circumstances.
• Right to data portability: to receive your personal data in a structured, commonly used and machine-readable format.
• Right to object: to object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@mermeroglulegal.com. We will respond within the timeframe required by applicable law (generally within 30 days). You also have the right to lodge a complaint with the relevant supervisory authority — in Türkiye, the Personal Data Protection Authority (KVKK Kurumu); within the EU, the competent data protection authority of your member state.

10. Cookies

Our website uses cookies and similar tracking technologies to improve functionality and analyse usage. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or operational changes. The most recent version will always be available on this page, with the date of the last update noted at the top. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights or have a concern about how we handle your personal data, please contact us: