Data Protection Law Policy

Forte, identifies and determines the processing of personal data within the framework of the Law on the Protection of Personal Data No. 6698 and takes appropriate security measures. A risk management system is implemented in our organization that balances risks and measures in terms of personal data and business processes, taking into account potential personal data breaches. Our objectives regarding the protection of personal data within this framework include:

  1. Ensuring the processing of personal data in compliance with Law No. 6698 on the Protection of Personal Data and other relevant legislation, and enabling individuals to effectively exercise their rights.
  2. Preventing the unlawful processing and access of personal data processed in organizational processes and implementing appropriate security measures.
  3. Ensuring the protection of the fundamental rights and freedoms of individuals.

To achieve the objectives of protecting identified personal data and ensuring compliance with the Law on the Protection of Personal Data, we commit to allocating the necessary resources, acting in accordance with the decisions of the Board, and ensuring that this is understood by all relevant parties. The articles of our policy related to the Personal Data Management System we have created in this context are outlined below.


  • In the context of protecting the fundamental rights and freedoms of individuals, especially the privacy of private life, Forte collects and processes personal data in compliance with relevant regulations, including the Personal Data Protection Law (KVKK).
  • This includes processing personal and special-category personal data of employees, job applicants, customers, suppliers, and any data collected and processed from any source.
  • Forte takes necessary technical and administrative measures to ensure an adequate level of security to prevent the unlawful processing of personal data and to preserve the data, conducts necessary internal and external audits, and informs individuals about their rights.
  • Personal data processing activities are carried out in a lawful and fair manner, with specific, clear, and legitimate purposes, and in a manner that is relevant, limited, and proportionate to the purpose.
  • Forte retains the data for the period specified in the laws or as required by the purpose of personal data processing.
  • It informs the data subjects and provides necessary information if they request it.
  • In the processing of special-category personal data, it acts in compliance with the regulations and does not perform actions and activities without explicit consent except in cases clearly specified in the laws.
  • Regarding the transfer of personal data, it complies with the regulations specified in the law.
  • It creates awareness among internal and external parties about the protection of personal data and communicates relevant obligations.
  • Forte organizes training sessions to enhance technical and behavioral competencies for increasing awareness of personal data protection.
  • It manages personal data breaches by evaluating the matter according to the discipline procedure and immediately informs the board authorities about crimes and violations requiring penalties.