CLARIFICATION TEXT REGARDING PROTECTION OF PERSONAL DATA
As DenizBank A.Ş (Bank), we act with the title of data supervisor and wish to inform you on ways of obtaining your Personal Data, purposes of processing, legal reasons and your rights in line with the security of our valuable customers, confidentiality of personal life, principle on protecting basic rights and freedoms of persons and in as per Article 10 of Law on Protection of Personal Data numbered 6698, regarding the identity, communication, legal proceeding, customer proceeding, location, CCTV footage, risk management information, financial, visual and auditory records, demographical information, job, education level, and income level, legal data, biometrical data including your biometrical photograph, all kinds of personal data including your health data and/or data with personal quality, corporate, commercial and other data, information and documents (Personal Data)
PROCESSING PURPOSES REGARDING YOUR PERSONAL DATA
Offering services mentioned in the article 4 of the Banking Law numbered 5411, primarily banking services, foreign trade services, loan providing services, insurance retirement and other agency services, intermediation services, along with offering banking, insurance and financial products, carrying out proceedings regarding those, their execution, development, execution of operational processes, complying with risk monitoring and notification liabilities, sharing them with relevant authorities when necessary, auditing them and carrying out activities for their sustainability and continuity,
Realizing liabilities stated in the Banking Law, Law on Debit Cards and Credit Cards, Law on Prevention of Laundering of Crime Revenue, Payment & Security Agreement Systems, Law on Payment Services & Electronic Money Establishments and legislations that the Bank is subject to; complying with prevention of Money Laundering legislation and with domestic and international legislation; using the system that allows electronic messages to be taken, right to reject to be used and complaint processes to be managed (İYS System) as per the Law on Arrangement of Electronic Commerce numbered 6563 and its base Commercial Communication & Commercial Electronic Messages legislation;
Ensuring that data is kept up to date and accurately;
Contacting customer regarding services and products subject to banking activities, making offers, planning and realizing introduction, marketing and campaign activities;
Realizing the liabilities of the contracts you made and/or we made;
Recording identity and address, job, income, and information such as way of making proceedings in order to fulfill identification requirements as per the legislations that the Bank is subject to; notifying the nearest branch/ATMs to the location in the mobile application
Intelligence, information investigations, and credibility assessments, planning and statistics;
Analyzing and developing Banking systems, maintaining application management operations, executing/planning information processes, establishing infrastructures for information systems, managing, auditing and implementing them;
Quality standards, security, prevention of fraud, resolution of conflicts, recording and auditing correspondence, communication and proceedings;
Fictionalizing business processes and business activities of the Bank, planning operational processes and purchasing operations, ensuring their execution and security; management of relations with support service providers, business partners or suppliers, executing support services upon service sale,
Maintaining and executing customer relations; customer satisfaction activities, developing appropriate services and products for the customer, and ensuring that those are offered continuously, carrying out market searches, profiling, segmentation, scoring, risk analysis, customer relations management, recording notifications such as complaints, objections, requests, and suggestions and assessing requests and complaints communicated through social media, generating solutions for them;
Arranging all records and documents in electronic format (communicated through SWIFT, internet / mobile banking, Head Office Units, Branches, kiosks, ATMs, internet branch, call center and similar channels) or on paper which will constitute a base for the proceedings;
Being used for the products and services to be offered with agency title;
Enhancing the reputation of the Bank and business relations and identifying strategies, planning and performing business activities and operational processes; realizing corporate communication activities,
Performing the follow up of litigations and execution for debt on which the Bank is a side, and following up and performing other legal processes;
Recording camera footage and images in head office and additional service units, ATMs and branches, recording biometrical photograph on your national identity card with security and identity detection purposes in order to ensure legal and physical security and constitute a basis for the proceeding that is carried out in a secure manner and also to ensure that those are in line with legal liabilities;
Recording your voice, biometrical photograph and/or footage in order to arrange all records and documents in electronic format (communicated through SWIFT, internet / mobile banking, Head Office Units, Branches, kiosks, ATMs, internet branch, call center and similar channels) or on paper which will constitute a basis for the proceedings;
Planning and realizing support services and liabilities;
Performing the activities that the Bank executes with principal shareholders and domestic, overseas branches and subsidiaries and managing relations;
keeping logs in case of use of internet access;
planning and executing corporate sustainability, corporate management, strategical planning and information security processes;
complying with keeping, reporting, notifying information stated by Banking Regulation and Supervision Agency, Capital Markets Board, Central Bank of Republic of Turkey, FCIB, The Banks Association of Turkey, KOSGEB, Turkish Revenue Administration, Undersecretariat of the Ministry of Treasury, Social Security Institution, Merkezi Kayıt Kuruluşu A.Ş, Ministry of Finance, Credit Registration Bureau, The Banks Association of Turkey (TBB) and other authorities;
offering a better and more reliable service and maintaining it continuously,
Fulfilling all administrative, legal liabilities and liabilities arising from the contracts Bank signed including product and service contracts that we have signed;
Offering open banking services;
Identification of the risk group I will be involved in, its monitoring, reporting and controlling for the loan limits to be offered to the risk group as per the banking legislation; (Further explanation regarding identification of risk groups is available in the article 49 of the Banking Law. In addition to this, other real persons and legal entities to be involved in the scope of risk group are determined by Banking Regulation and Supervision Agency.)
As per Article 73/4 of Banking Law, Consolidated financial table preparation activities of the partner company, risk management and assessment activities
METHOD OF COLLECTING PERSONAL DATA
When you establish a legal relation with our Bank and as long as the relation continues,
Your personal data may be gathered through head office units, branches, ATMs, kiosks, internet branch, mobile banking channels, call center and other phone channels, internet websites, contracts, electronic mail, application forms, written and verbal communication channels carried out with the Bank and through public establishments and institutions, dealers and sale offices, unions and associations such as commerce and artisan chambers, with reasons of security practices, with the method of recording CCTV footage at branches, regional offices and head office and via parties, contracted establishments and support service and external service establishments such as SMS, email, cookies, and similar tracing technologies, facsimile, mail, cargo or carrier services which your Bank receives complementary and additional services; and to the extend that the legislation and contracts permit, databases of similar establishments and institutions, companies whose activities we operate with intermediation and agency titles, correspondent/addressee banks, customer interviews, merchants, POS devices, Social Security Institutions records, domestic and international authorities/institutions and system integrations between the Bank and public establishments and institutions (Identity Sharing system, Address Sharing System, Trade Registry Gazette, Land Registry Information System, Risk Center, Credit Registration Bureau, electronic pledge etc.) - in line with legal legislation limits, media, social media, recorded email, electronic notification, mail, facsimile, text message and through international money transfer such as SWIFT, all kinds of notifications, applications, interviews and similar/miscellaneous channels, either completely or partially, either through automatic or non automatic methods, in written, verbal or electronic format.
LEGAL REASONS ON THE COLLECTION METHODS OF YOUR PERSONAL DATA
As per the Law on Protection of Personal Rights,
- You need to give explicit consent in line with articles 5/1 and 6/2,
- It is explicitly stated in the laws promulgated in article 5/2 (a),
- In line with article 5/2 (b), it is compulsory for protecting the life or bodily integrity of someone who cannot give consent due to actual impossibility or of the person whose consent is not legally valid or of someone else.
- On condition that it is necessary to process personal data of the contract parties in order to establish and perform the contract stated in article 5/2(c),
- Our Banks fulfilling its legal liability as stated in article 5/2(ç),
- Relevant persons making the data public as stated in article 5/2(d),
- It is compulsory to process data to establish, use or protect a right as stated in article 5/2(e),
- It is compulsory for the data supervisor Bank to process data due to its legitimate interests as long as it does not harm basic rights and freedoms of the relevant person as stated in article 5/2(f)
- Personal data except health and sexual life stated in article 6/3, when conditions stated in the law are present; personal data on health and sexual life can only be shared to protect public health, maintain preventive medicine, medical diagnosis, treatment and care services and for planning and managing health services
Your Personal Data can be processed based on the legal reasons stated above.
PERSONS/INSTITUTIONS THAT YOUR PERSONAL DATA MAY BE TRANSFERRED TO DUE TO THE PURPOSES STATED ABOVE
Your Personal Data can be transferred to companies and individuals in the group of companies where our bank is involved, the direct and indirect subsidiaries of the Bank in Turkey and abroad, other shareholders of the Bank including primary shareholders and their subsidiaries, employees, company officers, legal, financial and tax consultants, supervisors, consultants, establishments, parties which the Bank receives complementary and extended services from, cooperates with and support services establishments including Credit Registration Bureau and FINDEKS, business partners, suppliers, external service establishments and contracted establishments, card payment system establishments and organizations - either international or in Turkey as per the Law numbered 6493 and relevant legislation - including Europay INT.SA, Moneygram Group (Moneygram Payment Systems Inc. ve Moneygram Turkey Ödeme Sistemleri A.Ş.), Mastercard INT.INC., Visa INC., JCB CO.LTD., Maestro, Electron, system operators, electronic money establishments, payment system providers, cloud informatics service providers, authorities such as Banking Regulation & Supervision Agency (BRSA), Personal Data Protection Authority, Capital Markets Board (CMB), Central Bank of Republic of Turkey (CBRM), FCIB, The Banks Association of Turkey, KOSGEB, Turkish Revenue Administration (GİB), Undersecretariat of the Ministry of Treasury, Social Security Institution (SGK), ministries and legally capable public establishments such as legal authorities and private establishments/institutions, correspondent bank and domestic/overseas financial institutions and domestic/overseas merchants when necessary, to persons, establishments and institutions which article 73/4 of the Banking Law and other legislation provision permits and third parties that have my clear consent, also persons, establishments and/or institutions for which we execute intermediation and agency activities in order to fulfill liabilities arising from agency and intermediation titles, courts of law for the follow up and execution of legal processes, legal bureaus, asset management companies, independent audit companies to ensure that activities are performed in line with the legislation; as per article 8 of Law on Protection of the Personal Data regarding transfer of personal data and article 9 regarding transferring personal data overseas. Your personal data may be processed by them.
Personal Data, which is necessary for electronic transfer messages regarding all kinds of money transfers to domestic and overseas accounts, including transactions realized via banks and/or by using swift system, foreign trade proceedings, and for the proceedings which are bound to them, may be transferred to third parties and establishments including banks and financial establishments based in Turkey or overseas. Personal Data may be processed by them.
If you are a real person or legal entity with US and/or EU origin, or if you make transactions on US and/or EU markets and/or if you are subject to US and/or EU tax laws, or due to miscellaneous legal requirements, your account number, identity information, address, - including the relevant account - all account, proceedings and your Data may be transferred to U.S Internal Revenue Service (IRS), European Securities Market Authority (ESMA), and/or to all relevant US and/or European establishments and institutions as per United States of America (USA) Dodd Frank (Dodd Frank Wall Street Reform and Consumer Protection Act) and FATCA (Foreign Account Tax Compliance Act), ISDA (International Swaps and Derivatives Association) and European EMIR (European Market Infrastructure Regulation) and CRS (Common Reporting Standard) laws and all other relevant legal arrangements. Your Personal Data may be processed with this purpose.
Your data may be transferred to our Banks domestic and overseas direct and indirect subsidiaries, Principal Shareholders and other shareholders, their subsidiaries, employees, company officers, legal, financial and tax consultants, auditors and it may be processed for creating consolidated financial tables, risk management and assessment activities for the parent company in line with data processing terms and purposes of central information system in our Principal Shareholder and as per the terms and purposes stated in article 8 of the Law on Protection of Personal Data regarding transfer of personal data and article 9 regarding transferring personal data abroad.
YOUR RIGHTS IN LINE WITH ARTICLE 11 OF THE LAW
By applying to our Bank, you are entitled to a) learn if your personal data has been processed, b) request information if your personal data has been processed c) learn the purpose of your personal data being processed and learn if it is used in line with purpose, ç) know domestic and overseas third parties that your personal data has been transferred to, d) request it to be fixed if your personal data has been incorrectly processed, ,e) request that your personal data be deleted or destroyed as per the terms stated in article 7 of the Law, f) request that third parties that your personal data is transferred to state proceedings carried out in line with sub-paragraphs (d) and (e), g) object to a result against you which stems from your personal datas being analyzed exclusively by automatic systems and ğ) request that restitution is made for the damage arising from unlawful processing of your personal data. You may exercise your rights as of 07.10.2016 which is the effective date of the arrangement. Our right is reserved to request you to pay for expenses made by our Bank to fulfill your requests, as per the tariff stated in article 13 of Law on Protection of Personal Data with the title Application to data supervisor.
SITUATIONS THAT DO NOT REQUIRE CONSENT
As per the Paragraph 2 of Article 5 of the Law on Protection of Personal Data numbered 6698, Bank is entitled to process personal data without getting explicit consent on condition that it is explicitly stated in the law, it is related directly to establishing and performing a contract, it is necessary to process personal data that belongs to parties of the contract, it is necessary for DenizBank A.Ş. to fulfill legal liabilities as data supervisor, it is made public by the relevant person, it is compulsory to process data for establishing, using or protecting a right, it is compulsory for the Bank, which is the Data Supervisor, due to its legitimate interests as long as it does not harm basic rights and freedoms of the relevant person, and in exceptional cases that are promulgated in the article 73/4 of the Banking Law. As per the principle of clarity that is published or made public or stated in the law, when Bank discloses, uses, transfers Personal Data stated in the trade registry or balance sheets and activity report or the Personal Data to be disclosed due to the clarification of the public due to the legislation that the Bank is subject to and/or discloses, uses, transfers Personal Data to fulfill legal liabilities and/or shares with people who may demand confidential information due to the law are not subject to confidentiality obligation and the Bank is entitled to disclose, give, process and transfer mentioned Personal Data to relevant people without getting an additional deed of consent for them.
LEGAL LIABILITY ON KEEPING
As per the Article 42 of the Banking Law numbered 5411 and Article 17 of the Regulation on Rules and Procedures Regarding Accounting Practices of Banks and Keeping Documents, it is a legal liability for our Bank to keep your information and documents for ten years. Should you demand your personal data be deleted or destroyed, your request will be realized at the end of 10 years. Despite the fact that the mentioned time is passed, Personal Data may become anonymous in line with the legitimate interests of our Bank with a purpose of realizing risk analysis and other banking analysis and assessments in order to improve banking services, and make them more secure. The personal data which does not fall into this scope will be deleted upon your request.
SHOULD YOU WISH TO CONTACT US FOR YOUR REQUESTS
Should you wish to contact us in line with the Law on the Protection of Personal Data, give feedback or ask questions, you may send out your petition that involves your identity documents and request to our branches, to Büyükdere Cad. No:141 34394 Esentepe-İSTANBUL address, send them to us via notary public or submit to firstname.lastname@example.org address with secure electronic signature
YOU MAY REACH THE CONFIDENTIALITY POLICY ON THE PROTECTION OF PERSONAL DATA AND CODES OF PRACTICE & NOTIFICATION FORM ON THE PROTECTION OF PERSONAL DATA ON THIS LINK: HTTP://WWW.DENİZBANK.COM/KVK/
Personal Data Protection, Storage and Destruction Policy