Menu Close
Close
Try Free

PRIVACY POLICY AND DATA PROTECTION LAW INFORMATION NOTICE

Effective Date: 14 April 2026
Last Updated: 14 April 2026

The website www.avhos.com, mobile application, user panel, subdomains, linked digital platforms, membership processes, support services, subscription procedures and all related services provided by AVHOS Legal Automation Systems (“AVHOS”, “the Company”, “We”) provides this Privacy Policy and Information Notice on the Processing of Personal Data (“Notice”) regarding the processing of personal data within the scope of the website www.avhos.com, mobile application, user dashboard, subdomains, linked digital platforms, membership processes, support services, subscription procedures and all related digital services.

This Notice applies to website visitors, members, subscribers, potential users, individuals who complete contact forms, those making support requests, invoice recipients, authorised representatives of business partners, and natural persons using AVHOS systems.

AVHOS is committed to protecting user privacy, ensuring the security of personal data, upholding professional confidentiality and data security standards, and acting in compliance with applicable legislation.

This Text is also one of the supplementary documents to the AVHOS User, Membership and Platform Terms of Use and the AVHOS Cookie Policy. In the event of any conflict between the provisions, mandatory legislation, specific information notices or explicit consent texts, and service-specific provisions shall take precedence.

ARTICLE 1 – PURPOSE AND SCOPE

The purpose of this Policy is to provide clear, understandable and transparent information regarding the categories of personal data processed by AVHOS, the methods by which it is collected, the purposes for which it is used, the legal grounds on which it is based, to whom and under what conditions it may be transferred, how long it is retained, the measures taken regarding data security, and the rights of data subjects.

This Policy applies if you use the AVHOS platform, create an account, use the services, submit a support request, communicate with us, participate in the payment process, upload legal content, or interact with AVHOS systems in any way.

Your use of the AVHOS platform implies that you have read and understood the information provided under this Policy. However, for data processing activities requiring explicit consent, the relevant consent procedures are also applied.

ARTICLE 2 – IDENTITY OF THE DATA CONTROLLER

In accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”), your personal data may be processed by AVHOS Legal Automation Systems, acting as the data controller, whose details are set out below:

Company Name: AVHOS Legal Automation Systems
Address: Kartaltepe Mah. 1. Malazgirt Cad. No:6/2 Küçükçekmece/İstanbul
Email: info@avhos.com
Telephone: 0850 885 08 44
Website: www.avhos.com

ARTICLE 3 – RELEVANT LEGISLATION AND FUNDAMENTAL PRINCIPLES

AVHOS complies with all relevant regulations, primarily the following legislation, in the processing of personal data:

  • Law No. 6698 on the Protection of Personal Data,
  • Law No. 1136 on the Bar,
  • Turkish Commercial Code No. 6102,
  • relevant KVKK legislation and secondary regulations concerning the transfer of personal data abroad,
  • data transfer and compliance standards derived from foreign law, to the extent applicable.

AVHOS processes personal data;

  • in compliance with the law and the principles of good faith,
  • accurate and, where necessary, up-to-date,
  • for specific, explicit and legitimate purposes,
  • in a manner that is relevant, limited and proportionate to the purpose for which they are processed,
  • for the period prescribed by relevant legislation or as necessary for the purpose for which they are processed

.

ARTICLE 4 – CATEGORIES OF PERSONAL DATA PROCESSED

The personal data that may be processed by AVHOS may fall into the following categories, depending on the nature of the relevant service:

4.1. Identity and Account Information

  • first name, surname,
  • username,
  • title,
  • professional information,
  • Bar Association / registration details,
  • tax identification number,
  • Turkish ID number [only if required by legislation, for invoicing or mandatory verification],
  • password information (not the plaintext password, but technically protected / hashed data).

4.2. Contact Information

  • email address,
  • telephone number,
  • address,
  • communication preferences,
  • records relating to support and information communications.

4.3. Customer Transaction and Subscription Information

  • membership details,
  • subscription and package details,
  • order and payment process records,
  • contract approval records,
  • support requests,
  • complaint and application records,
  • user dashboard activity history,
  • call or correspondence records.

4.4. Financial Information

  • invoice details,
  • payment transaction details,
  • collection information,
  • payment status,
  • bank/transfer details,
  • limited transaction data verified via payment providers.

AVHOS aims not to store the entire payment card; depending on the nature of the payment infrastructure, only limited payment transaction data may be processed.

4.5. Usage and Technical Information

  • platform usage statistics,
  • feature usage data,
  • error reports,
  • IP address,
  • browser type and version,
  • operating system information,
  • device information,
  • login and logout records,
  • traffic and log records,
  • session information,
  • security authentication logs,
  • cookie data.

4.6. Legal Proceedings and Compliance Information

  • records subject to requests from authorised bodies,
  • legal dispute files,
  • application and response records,
  • records relating to retention and disposal processes,
  • documents necessary for the establishment, exercise and protection of rights.

4.7. Marketing Information

 Where explicit consent has been given:

  • campaign preferences,
  • consent information for commercial electronic communications,
  • limited marketing data relating to usage habits,
  • preference and segmentation information.

4.8. Legal Content Uploaded to the System by the User

Content uploaded to the system by the user or created on the platform:

  • case files,
  • assistant chat data,
  • uploaded documents,
  • petition contents,
  • AI analysis results,
  • notes, explanations, drafts and other legal content

 may also be processed depending on the nature of the service.

With regard to personal data contained within this content, AVHOS’s role is assessed separately as a data controller, data processor or technical service provider, depending on the specific service architecture and the scope of the data processing relationship.

ARTICLE 5 – LEGAL DATA UPLOADED BY THE USER AND THE OBLIGATION TO MASK DATA

As the AVHOS platform may be subject to intensive data input, particularly by lawyers, law firms and users managing legal processes, there is a particular need for sensitivity regarding content uploaded to the system by users.

Where case files, petitions, legal documents, correspondence, texts subject to AI analysis, and all other content uploaded by the user to the system contain personal data belonging to third parties:

  • they possess the necessary legal grounds,
  • has provided information to the relevant individuals where necessary,
  • that they have obtained explicit consent where required,
  • that the data has been obtained in accordance with the law,
  • they have the authority to process and transfer the data

acknowledges.

It is essential that all personal data contained in the legal content uploaded to the platform—including not only special category data but also general category personal data such as name, surname, telephone number, email address, postal address, identity number, vehicle registration number, file information, images and other such data—be masked, anonymised or pseudonymised to the greatest extent possible.

With regard to data belonging to third parties uploaded to the system by the User within the scope of their own activities, the User is primarily responsible for compliance with relevant legislation. Whilst AVHOS endeavours to take appropriate technical and administrative measures, the User retains primary responsibility for the lawfulness, accuracy, up-to-date nature and processing authorisation of the uploaded data.

ARTICLE 6 – PURPOSES OF PROCESSING PERSONAL DATA

Your personal data collected may be processed for the following purposes within the framework of the processing conditions set out in Articles 5 and 6 of the KVKK:

  • receiving and assessing membership applications, creating and managing accounts,
  • provision of AVHOS services,
  • case file management, AI analysis, petition creation and the execution of other platform services,
  • providing access to the user account, identity verification, session management and ensuring account security,
  • execution of order, sales, collection, invoicing, accounting and financial processes,
  • handling user support, technical support, requests, suggestions, complaints and applications,
  • improving service quality, software development, testing, maintenance, troubleshooting and performance analysis,
  • planning, auditing and implementing information security processes,
  • preventing fraud and unauthorised access,
  • generating usage statistics and improving the user experience,
  • fulfilling legal obligations,
  • meeting the requests of authorised public institutions and organisations,
  • the creation of evidence in legal disputes and the establishment, exercise and protection of rights,
  • conducting campaign, promotional, advertising, marketing and commercial electronic communication activities where explicit consent has been given.

ARTICLE 7 – METHODS OF COLLECTING PERSONAL DATA

Your personal data may be collected, in whole or in part, by automated means or by non-automated means provided that such means form part of a data recording system, via the following channels and methods:

  • website,
  • mobile application,
  • user panel,
  • membership and application forms,
  • payment screens,
  • support and contact forms,
  • email,
  • telephone,
  • call centres or support lines,
  • cookies and similar technologies,
  • log records,
  • contracts,
  • written or electronic applications,
  • in-system messaging or technical support processes,
  • documents and content uploaded to the platform by the user.

ARTICLE 8 – LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Your personal data may be processed on the following legal grounds:

  • where it is directly related to the conclusion or performance of a contract,
  • where it is necessary for the data controller to comply with a legal obligation,
  • where processing is necessary for the establishment, exercise or defence of legal claims,
  • where processing is necessary for the legitimate interests of the data controller, provided that such processing does not infringe upon the fundamental rights and freedoms of the data subject,
  • where expressly provided for by law,
  • the data subject’s explicit consent being present where such consent is required.

Sensitive personal data is processed only in accordance with the relevant legislation, by taking the necessary technical and organisational measures, and to the extent that the legal conditions for processing are met.

Processing based on explicit consent is distinguished from processing based on other legal grounds. Appropriate explicit consent procedures are additionally implemented for activities requiring explicit consent.

ARTICLE 9 – TRANSFER OF PERSONAL DATA

Your personal data may be transferred to the following recipient groups in order to fulfil the purposes specified above and in accordance with Articles 8 and 9 of the KVKK:

  • payment institutions, banks, e-invoice/e-archive service providers and parties from whom accounting consultancy services are obtained,
  • suppliers providing server, hosting, software, maintenance, security, support, infrastructure, integration and cloud services,
  • law firms, solicitors, auditors, consultants and, where necessary, solution partners,
  • authorised public institutions and organisations, courts, enforcement offices, law enforcement agencies and administrative authorities,
  • affiliates, subsidiaries or group companies [if any and to the extent necessary].

Information may be shared with courts, public prosecutors, law enforcement agencies, regulatory bodies and other authorised public institutions and organisations in the event of legal obligations or lawful requests from competent authorities.

AVHOS does not sell users’ data; it does not adopt the practice of selling data to third-party advertisers or freely transferring it for general marketing purposes.

ARTICLE 10 – THIRD-PARTY SERVICE PROVIDERS AND TRANSFERS ABROAD

AVHOS may, from time to time, work with third-party service providers to deliver the service. In this context, the following types of infrastructure may be used, for example:

  • server and hosting infrastructure,
  • artificial intelligence model providers,
  • CDN and security services,
  • database infrastructures,
  • cache, queue and performance tools,
  • analytics or technical support systems.

Depending on the specific technical architecture, some service providers may be based in Turkey, whilst others may be located abroad. Consequently, personal data may be transferred abroad to the extent required by the service infrastructure.

Where data transfer abroad is necessary, such transfers shall be carried out

  • in accordance with applicable legislation,
  • based on an adequacy decision where one exists,
  • relying on appropriate safeguards where available,
  • using standard contractual clauses, a commitment letter or similar appropriate transfer mechanisms,
  • and, where necessary, with the explicit consent of the data subject

the transfer is carried out.

In cases requiring explicit consent, no transfer shall be made without obtaining such consent. The current legal regime and technical infrastructure regarding cross-border transfer processes shall be assessed separately.

ARTICLE 11 – COOKIES AND SIMILAR TECHNOLOGIES

Cookies and similar technologies may be used on AVHOS’s website and digital platforms for the purposes of service operation, session management, security, remembering preferences, performance measurement and improving the user experience.

Cookie types generally include:

  • essential cookies,
  • functionality cookies,
  • analytical and performance cookies,
  • advertising, marketing and tracking cookies

.

Essential cookies are used to ensure the website functions properly. User preferences are taken into account as necessary regarding analytics, performance, advertising and preference-based cookies, and cookies requiring explicit consent are kept disabled by default.

Cookie preferences;

  • the cookie preference panel,
  • browser settings,
  • opt-out tools provided by the relevant service provider

.

Detailed information regarding cookies, the legal basis, retention periods, third-party cookies and the possibility of cross-border transfers is also set out in the AVHOS Cookie Policy.

ARTICLE 12 – STORAGE, DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

Personal data is retained for the period prescribed by relevant legislation or for as long as necessary for the purpose for which it is processed. In determining the retention period:

  • the provisions of relevant legislation,
  • the contractual relationship,
  • statute of limitations periods,
  • legal obligations,
  • evidence requirements,
  • information security requirements,
  • AVHOS’s legitimate interests

are taken into account.

Where the grounds for processing cease to exist, personal data shall be erased, destroyed or anonymised, either on AVHOS’s own initiative or at the request of the data subject, in accordance with applicable legislation. These processes are carried out in accordance with AVHOS’s retention and destruction policies and internal procedures.

ARTICLE 13 – MEASURES RELATING TO DATA SECURITY

AVHOS takes care to implement reasonable technical and administrative measures appropriate to the nature of the personal data in order to prevent the unlawful processing of personal data, to prevent unauthorised access to the data, and to ensure the secure storage of the data.

Measures that may be implemented in this context include the following:

13.1. Encryption and Technical Protection

  • TLS/SSL transmission security,
  • database encryption,
  • password/encryption hashing,
  • firewall,
  • DDoS protection,
  • brute force protection,
  • intrusion detection / security monitoring,
  • antivirus and malware protection,
  • regular security testing and system updates.

13.2. Access Control and Authorisation

  • role-based access control (RBAC),
  • restricted access permissions,
  • session management,
  • logging,
  • multi-factor authentication or similar authentication tools,
  • user and staff authorisation matrices.

13.3. Administrative Measures

  • employee confidentiality agreements and undertakings,
  • regular security training,
  • policies and procedures,
  • data breach response plan,
  • contractual security provisions with data processors,
  • backup and business continuity processes.

However, it should be noted that no data transmission carried out over the internet is absolutely secure; certain risks cannot be completely eliminated due to cyber attacks, infrastructure failures, issues with third-party service providers or force majeure.

ARTICLE 14 – PROCEDURE TO BE FOLLOWED IN THE EVENT OF A DATA BREACH

In the event of a data breach being detected or a strong suspicion arising, AVHOS shall endeavour to take the necessary technical and administrative measures in accordance with the nature of the specific incident.

In this context:

  • the security vulnerability is addressed,
  • efforts are made to limit the impact of the breach,
  • the necessary investigations and record-keeping procedures are carried out,
  • a notification is made to the Personal Data Protection Authority/Board if required by applicable legislation,
  • affected users are informed using appropriate methods,
  • measures are taken to prevent recurrence.

ARTICLE 15 – CHILDREN’S PRIVACY

The AVHOS platform is not, as a rule, intended for children under the age of 18. It is not intended to knowingly collect personal data from users under the age of 18.

If it is believed that a person under the age of 18 has registered on the platform without authorisation, the relevant parent or legal guardian must contact AVHOS. In such a case, the specific circumstances will be investigated and appropriate action taken.

ARTICLE 16 – RIGHTS OF THE DATA SUBJECT

In accordance with Article 11 of the KVKK, as a data subject, you have the following rights:

  • to find out whether your personal data has been processed,
  • to request information regarding the processing of your personal data,
  • to find out the purpose of the processing of your personal data and whether it is being used in accordance with that purpose,
  • to know the third parties to whom your personal data has been transferred, whether within or outside the country,
  • to request the rectification of your personal data if it has been processed inaccurately or incompletely,
  • to request the erasure or destruction of your personal data in accordance with the conditions set out in the KVKK,
  • to request that third parties to whom your personal data has been transferred be notified of any rectification, erasure or destruction,
  • objecting to a decision made solely through the automated processing of your personal data that adversely affects you,
  • to claim compensation for any damage suffered as a result of the unlawful processing of your personal data.

Where applicable, requests for structured data, objections to automated processing and similar data protection requests may also be assessed separately depending on the nature of the specific case.

ARTICLE 17 – PROCEDURE FOR SUBMITTING REQUESTS

You may submit requests regarding your rights under the KVKK to AVHOS in accordance with the legislation. Applications may be made:

  • in writing by post,
  • via the email address registered in the AVHOS system

.

The application channels are as follows:

Address: Kartaltepe Mah. 1. Malazgirt Cad. No:6/2 Küçükçekmece/İstanbul
Email: info@avhos.com

Applications must include your full name, the subject of the application, a description of the request, and the necessary information for identity verification. Additional information and documents may be requested depending on the nature of the request.

Applications are processed within the timeframe stipulated by legislation and, as a rule, concluded within a maximum of 30 days.

ARTICLE 18 – CONFIDENTIALITY OBLIGATIONS, PROFESSIONAL SECRECY AND THIRD-PARTY DATA

AVHOS users are obliged to act in accordance with the legislation and professional obligations regarding any personal data, trade secrets, professional secrets, confidential information and sensitive content to which they have access, which they process or store via the system, particularly in relation to legal services and document management processes.

With regard to data related to legal practice or legal representation, professional secrecy, the duty of confidentiality and specific security requirements must be particularly observed.

The User acknowledges that, prior to uploading data belonging to third parties to AVHOS systems, they possess the necessary legal basis, and that the data has been lawfully obtained and may be processed. The User shall be liable for any claims arising from a breach of this obligation, unless AVHOS is at fault.

ARTICLE 19 – POLICY CHANGES

AVHOS may make changes to this Text in accordance with legislative amendments, Board decisions, technical requirements, changes to the scope of services, updates to the infrastructure used, or company policies.

The updated text shall take effect from the date of publication on the Site, together with the effective date. Where deemed necessary, significant changes may be additionally notified via email or in-platform notifications.

With regard to new data processing activities requiring explicit consent, we do not rely solely on policy updates but also implement appropriate explicit consent mechanisms.

ARTICLE 20 – CONTACT AND COMPLAINTS

You may use the following contact channels for enquiries regarding privacy, personal data, cookies, data security or applications under the KVKK:

Email: info@avhos.com
Address: Kartaltepe Mah. 1. Malazgirt Cad. No:6/2 Küçükçekmece/İstanbul
Telephone: 0850 885 08 44

If you believe your rights have been infringed, it is recommended that you first contact AVHOS. Depending on the outcome of your application, the avenues for applications and complaints before the Personal Data Protection Board may also be considered in accordance with the applicable legislation.

ARTICLE 21 – ENTRY INTO FORCE

This Privacy Policy and the Information Notice on the Processing of Personal Data shall enter into force on 14 April 2026 and shall take effect from the moment it is published on AVHOS’s website and related services.