ScoutAtlas
Legal · plain-English summaries above each section

Scout Atlas legal.

Plain language first, formal language second. We treat legal pages as products — readable, well-versioned, and honest about what we do and don’t do.

Plain summary

Scout Atlas processes personal data in line with the EU General Data Protection Regulation (GDPR), the UK GDPR, and Türkiye Law No. 6698 on the Protection of Personal Data (KVKK). This page maps our practices to those regimes and tells you how to exercise your rights.

Roles

  • Controller. For personal data collected on the marketing site (cookies, contact forms, access requests), Oney Finansal Danışmanlık Turizm ve Dış Ticaret AŞ is the controller.
  • Processor. For personal data processed inside member-club workspaces (briefs, shortlists, Deal Room data), Oney AŞ acts as a processor on behalf of the member club.

Lawful basis for processing

  • Contract. Running the platform you subscribed to.
  • Legitimate interests. Securing the platform, detecting abuse, improving the product through aggregated analytics.
  • Consent. Marketing emails (opt-in only), optional biometric / medical data ingestion, transcripts of recorded calls.
  • Legal obligation. Tax and accounting records under Turkish and EU law.

Your rights

Under GDPR, UK GDPR, and KVKK, you have the right to access, correct, port, and delete your personal data, and to restrict or object to processing in certain circumstances. Email legal@scoutatlas.co — we respond inside 30 days.

Data Protection Officer

Oney AŞ has appointed a Data Protection Officer (DPO) responsible for GDPR/UK GDPR compliance, who also serves as the KVKK Veri Sorumlusu Temsilcisi for Türkiye-resident data subjects. The DPO can be reached at dpo@scoutatlas.co.

International transfers

Where personal data is transferred outside the EEA or the UK, we rely on the European Commission’s Standard Contractual Clauses (SCCs) or, where applicable, an adequacy decision. Member clubs based in the EU can request EU-region data residency on Analyst tier and above. KVKK transfers outside Türkiye are conducted under the safeguards required by KVKK Article 9.

Data Processing Addendum

A signed Data Processing Addendum (DPA), aligned with Article 28 GDPR, is included in every member-club order form. Standalone DPAs are available on request.

Supervisory authorities

  • EU residents. Lodge a complaint with your local supervisory authority, listed at edpb.europa.eu.
  • UK residents. The Information Commissioner’s Office (ICO), ico.org.uk.
  • Türkiye residents. Kişisel Verileri Koruma Kurumu (KVKK), kvkk.gov.tr.

Incident notification

Where a personal data breach is likely to result in a risk to the rights and freedoms of natural persons, we will notify affected supervisory authorities inside 72 hours and the affected data subjects without undue delay, with the technical detail required by Article 33 and 34 GDPR / KVKK Article 12.

Operated by Oney Finansal Danışmanlık Turizm ve Dış Ticaret Anonim Şirketi (“Oney AŞ”), a joint-stock company organised under the laws of the Republic of Türkiye, with registered office in İstanbul, Türkiye.

Last updated · 5 May 2026 · contact: legal@scoutatlas.co