1. Data Controller
This website (gokaygul.com) is operated by Gökay GÜL CPA. Under Turkish KVKK, the "Data Controller" is Gökay GÜL. Contact: info@gokaygul.com
Data Protection Contact (KVKK Art. 11): kvkk@gokaygul.com
Data Controller standing: All personal data processed under the data-controller role is handled strictly for legally permitted purposes with the required technical and organisational safeguards. Registry numbers and personal identifiers are deliberately not published here to mitigate identity-fraud and phishing risks; official credential verification can be performed by anyone via the TÜRMOB member directory (turmob.org.tr) using the practitioner's full name.
2. Data Collected
This site collects only the minimum data:
- Server logs: IP, visit time, browser info (anonymous, for performance/security)
- Contact form: Name, email, message if you submit (to respond to you)
- Booking: Information you provide via Cal.com if you book a meeting
- Cookies: Essential only (session, language preference). No marketing/tracking cookies.
3. Use of Data
Data is used only to:
- Respond to advisory service inquiries
- Execute contractual processes
- Fulfill legal obligations
- Ensure site security and performance
4. Data Sharing
Your data is not shared with third parties. Where legally required, sharing with authorities (tax, financial audit) may occur.
5. Data Retention
Contact form data: 1 year. Client data under engagement: 10 years (per Turkish Tax Law and Commercial Code). Destroyed at end of period.
6. Your Rights
Under KVKK Law No. 6698, you have the right to:
- Know whether your data is processed
- Request information if processed
- Learn purpose and use of processing
- Know third parties to whom data is transferred
- Request correction of incomplete or incorrect data
- Request deletion or destruction
- Object to results of automated analysis
Send requests to info@gokaygul.com. Responded to within 30 days.
7. Third-Party Services and Cross-Border Data Transfer
This site uses the following third-party services. Each has its own privacy policy; using the service constitutes explicit consent (KVKK Art. 5/1).
- Cloudflare, Inc. — Hosting, CDN, security (server logs, IP). EU data centres (Frankfurt + Amsterdam) and Türkiye PoPs.
- Cloudflare Web Analytics — Cookie-free, anonymous traffic measurement (KVKK/GDPR-compliant).
- Microsoft Clarity — Cookie-free session behaviour analytics (when enabled; data centre EU/US). Use: heatmaps, in-page navigation analysis.
- Cal.com / cal.eu — Meeting scheduling (only if you book; EU data centre).
- WhatsApp Business (Meta Platforms Ireland Ltd.) — Contact (only if you click). Explicit-consent note: messages sent via WhatsApp are transferred to Meta's servers (EU + US). Do not transmit sensitive financial documents or identity data via WhatsApp; an encrypted channel (KEP, e-signature, secure portal) is provided on request.
8. Transfer of Sensitive Financial Documents
Do not send financial documents, identity scans, bank statements or financial reports via email or WhatsApp. A dedicated encrypted channel (KEP, e-signature, corporate portal) is provided for these files. Request access at kvkk@gokaygul.com.
9. Changes
This policy may be updated. Material changes are posted on this page.