Providing appropriate safeguards with standard contract
(1) Appropriate safeguards may be provided through a standard contract, which includes elements such as data categories, purposes of data transfer, recipient and recipient groups, technical and organisational measures to be implemented by the data importer, additional measures, and additional measures for sensitive personal data.
(2) The standard contract shall be determined and announced by the Board.
(3) The standard contract text shall be used without any modifications. In the event the standard contract is also concluded in a foreign language, the Turkish text shall prevail.
(4) The standard contract shall be concluded between the parties involved in the personal data transfer. It shall be signed by the parties to the transfer, or by persons authorised to represent and sign on behalf of the parties.
(5) The standard contract, after finalisation of the signatures, shall be notified to the Authority within five business days, either physically, through a registered electronic mail (KEP) address, or via other methods specified by the Board. The parties to the transfer may designate in the standard contract which party will fulfil the notification obligation. If no such agreement is made, the data exporter shall be responsible for notifying the Board.
(6) The notification shall include documents certifying that the signatories are authorised, along with notarised translations of any foreign language documents.
(7) If the standard contract text announced by the Board is modified, or if one or both parties to the transfer lack valid signatures in the standard contract, the Board shall conduct an examination in accordance with Article 15 of the Law.
(8) In the event of any change to the parties involved in the standard contract, or modifications to the information and explanations it contains, or if the standard contract is expired, the Board shall be notified in accordance with the procedure outlined in paragraph five.