O OkorovaAcademy
Home / GDPR & KVKK
Legal

GDPR & KVKK Compliance

Last updated: 1 January 2025

This page sets out how Okorova Academy complies with the EU/UK General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law No. 6698 (KVKK). It supplements our Privacy Policy.

1. Data controller

The data controller (and "veri sorumlusu" for KVKK purposes) is Okorova Academy, 24 Cornhill, London EC3V 3ND, United Kingdom. Contact: dpo@….

2. Principles we follow

We process personal data lawfully, fairly and transparently; only for specified, explicit and legitimate purposes; limited to what is necessary; accurately and kept up to date; for no longer than necessary; and securely.

3. Your rights under GDPR (EU/UK)

  • The right to be informed about how your data is used.
  • The right of access to your personal data.
  • The right to rectification of inaccurate data.
  • The right to erasure ("right to be forgotten").
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to processing, including direct marketing.
  • Rights related to automated decision-making and profiling (we do not carry out automated decision-making that produces legal effects).

4. Your rights under KVKK (Turkey)

In accordance with Article 11 of KVKK, data subjects have the right to learn whether their personal data is processed; to request information about processing; to learn the purpose of processing and whether data is used accordingly; to know third parties to whom data is transferred; to request correction or deletion; and to object to results arising from automated analysis. Requests under KVKK can be submitted to kvkk@….

5. Lawful bases and explicit consent

Where we rely on consent (GDPR Art. 6(1)(a)) or explicit consent ("açık rıza" under KVKK), you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawing consent is as easy as giving it — contact us using the details above or adjust your cookie settings.

6. International transfers

Where personal data is transferred outside the UK, EEA or Turkey, we ensure an adequate level of protection through adequacy decisions, Standard Contractual Clauses or equivalent safeguards required under both GDPR and KVKK.

7. Data breaches

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (the ICO in the UK, or the KVKK Authority where applicable) within the required timeframe, and affected individuals where required.

8. Exercising your rights

To exercise any GDPR or KVKK right, contact our data protection contact at dpo@… or write to us at the address above. We will respond within one month (GDPR) or thirty days (KVKK). You may also complain to the ICO (UK) or the Turkish KVKK Authority.