Legal Notice & GDPR Compliancy

Bozalioglu Tic Ltd. Sti ("Woodboz")

The European Commission provides a platform for the out-of-court resolution of disputes (ODR platform), which can be viewed under

Legal information about website

All texts, images and pieces of information published here are governed by the provider’s copyright, insofar as the situation does not involve the copyrights of external parties. In any event, an operation involving duplication, distribution or public reproduction may only be carried out if revocable and untransferable authorisation has been obtained from the provider.

The provider assumes no responsibility for the online contents that are linked through the use of cross-references (links), since the situation in question does not involve in-house contents. The linked sites were checked for illegal contents, and no such contents were discernible when the link was set up. The operators of the linked sites are responsible for their contents. In this regard, the supplier is not subject to any general obligation to monitor or check. However, if a violation of the law becomes known, the respective link will promptly be removed.

1. Our GDPR principles

  • we will process all personal data fairly and lawfully
  • we will only process personal data for specified and lawful purposes
  • we will endeavor to hold relevant and accurate personal data, and where practical, we will keep it up to date
  • we will not keep personal data for longer than is necessary
  • we will keep all personal data secure
  • we will endeavor to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection

2. GDPR compliance

As part of our GDPR preparation process, we are reviewing and updating all our internal processes, procedures, data systems and documentation in order to help ensure that we are ready when GDPR comes into force in May 2018.

The IPO will be complying with the GDPR as a controller and processor of data and have been planning and developing a programme of works which will deliver what is required by the legislation. This will involve working with our suppliers and partner organizations to ensure they can meet these obligations.

We will implement the relevant policies and practices to ensure we protect any data handled by the IPO – for its employees, customers, suppliers, partners and stakeholders, specifically including the following:

  • employees will be made aware of the GDPR and restrictions and obligations within it as may be relevant to them, with the relevant training provided as necessary. Each staff member will have completed an on-line awareness course and staff with key data protection responsibilities a GDPR Awareness Workshop
  • all new employees joining after the 25th May will receive awareness training as part of our induction programme
  • suppliers who process personal data on behalf of the IPO have been identified and asked to provide details of their state of compliance with the GDPR and where appropriate agree to new contractual arrangements. Any new supplier will not be taken on unless we are satisfied that they comply with the new data protection regulations

3. Our GDPR actions to date

  • we have appointed a Data Protection Officer
  • our internal project is maintaining a log of GDPR compliance work, which will be available to scrutiny if/when asked
  • we undertook a gap analysis of all our business processes where personal data is either held or collected and produced an action plan
  • we are reviewing and updating our range of policies, including our Data Protection Policy and Subject Access Requests Policy
  • we are updating our privacy policy on our website to incorporate our GDPR obligations. These will be available to view from 25 May
  • we have introduced mechanisms to identify a potential personal data breach, how these will be investigated and reported, where necessary within 72 hours
  • we are undertaking a systematic review of the personal data we store, manage, maintain, collect, process and control
  • we have assessed our lawful bases for processing data to ensure all personal data is processed lawfully, fairly and transparently
  • we have introduced legitimate interest assessments where we rely on legitimate interest as the lawful basis for processing any personal data
  • we have conducted data mapping of all our processes involving personal data
  • we are providing training to our employees and generally raising the awareness and importance of GDPR to our business and their individual responsibilities arising from this
  • we are and will continue to look at ways of improving our systems and procedures to better comply with GDPR best practice
  • we will continue to monitor our GDPR plans up to the target date in May 2018 and beyond

4. Contact us

In case for any inqury for GDPR any other privacy & security related issues please contact us at We will get back to you in a day.

Woodboz Team