Goto Menu Goto Content

Accounts

Cards

Loans

Digital Products

Notification On Protection Of Personal Data

1. Purpose and Scope

This Data Privacy Notice (‘Notice’) has been prepared in accordance with the Law on Protection of Personal Data (LPPD) numbered 6698 in order to inform you on your personal data processed by DenizBank A.Ş., methods of collecting your personal data, legal basis and purpose of processing your personal data, persons/institutions to where your personal data are transferred, purpose of transfer and rights on natural persons whose personal data are processed.

As DenizBank A.Ş. we act as the Data Controller as per LPPD and take necessary measures on processing and keeping your personal data.

The table below shows information of our bank that processes your personal data.

Title DENİZBANK A.Ş.
Address Büyükdere Cad. No:141 Esentepe 34394 Şişli / ISTANBUL
Central Registry System / Registry No. 0292-0084-4960-0341 / 368587 

This Notice is valid for the natural persons indicated below:

  • All our current and potential customers (“Customers”): Certain parts of the Notice may only be valid for our customers who have certain accounts and products within our bank. These circumstances have been explicitly stated in this Notice to inform you.
  • Persons who are not our customers: Persons who are not our customers refer to any person who transacts through our bank whether or not through an account, natural persons who are/will be party to any collateral allocated/to be allocated in favor of our bank (guarantor, assignee/pledge debtor, spouses where sought by legislation), natural persons who visit our bank website, headquarter or branch, natural persons who are shareholders, final real beneficiaries, Board members or representatives/authorized persons of any companies that are our customers, natural persons who carry out other transactions with our bank or our customers.

DenizBank Financial Services Group (DFSG) under this Notice refers to direct and indirect domestic and foreign subsidiaries of DenizBank and other shareholders including the shareholder together with their sister companies and subsidiaries.

2. Your Processed Personal Data

Your processed personal data are those directly given by you or indirectly collected from relevant bodies due to your transactions. Your personal data processed by our bank are given below in data categories:

  • Your personal details (for instance; your name, surname, mother’s maiden name, date and place of birth, marital status, passport information, driver’s license or ID number and other identification documents),
  • Your contact information (for instance your phone number, e-mail address, residence address, work address or mobile number),
  • Biometric data (for instance your biometric photo and image we process when you call our call center to become a customer through remote identification),
  • Transaction details (for instance the payments you make and receive, banking, customer and legal transaction fees, call center records, invoices, promissory notes, check information, information on teller slips, shopping history information, survey, cookie records, information from campaign studies etc.),
  • Financial information (for instance, bank account number, credit or debit card numbers, financial history, balance sheet, financial performance information, credit and risk information, assets)
  • Information required to complete collection and payments (for instance invoice subscription number, ID number, tax number, license plate, tax accrual number),
  • Demographics (for instance; job- occupation, level of education and income (payroll or income certificate) – (Data that the bank processes for identification and know-your customer principles),
  • Health data (for instance these are processed if you purchase health / life insurance and / or private pension products), information on any disability, any devices or prosthetics,
  • Information on DenizBank products, services and credit cards you currently have, you have applied for or you used to have
  • Visual or audio records and camera records for your office/branch visits or telephone and video calls as much as laws permit.

If you do not provide personal data that we tell you is mandatory (that is, which you must provide), it may mean that we cannot provide you with the service you want or meet all our obligations to you. Also, we collect your personal data from other sources.

The data we collect indirectly are provided hereunder:

  • Advertisement ID information we obtain through scanners or cookies during your internet website visits or those obtained through our contracted hardware or software services which show how you use our internet website or mobile applications, pages you visit in these fields, data on your online behavior and preferences (sensitive data are not shared with third parties).
  • Data we obtain when you contact us (for example, through social media),
  • Location, IP address of your device, internet banking log in and log out data, device type, operating system type, passwords that are used in digital channels such as internet banking, in order to secure your transactions,
  • Data on how you use your accounts – these are; date, amount, currency of the payments you made and received, who you paid or who paid you (for example; retailers or other persons),
  • Data on whether or not you use the products and services you received from our bank,
  • Marketing data, for instance; shopping history, survey, cookie records, campaign studies,
  • Legal data such as data in correspondences with legal authorities, information in lawsuit files.

3. Methods of Collecting Your Personal Data

We collect, use, share and keep your information in order to provide you required products and services and share information on services that may attract you.

Your personal data may be collected through the methods below:

(i) Methods of collecting your personal data from you;

Non-automatic methods;

  • Through your visits to our head office units, branches, kiosks (for instance, your camera records are logged through CCTVs when you visit our branches, regional offices and head office for security reasons) or our phone services
  • By applying for our products and services,
  • By making transactions through our bank's branches and channels in order to make your collections and payments
  • By writing to us (registered e-mails, electronic notifications, electronic mail, postal, fax, short messages, social media methods and other written or audio channels),
  • By joining our contests or promotions,
  • By managing your accounts (date, amount, currency of the payments made to your account),
  • Or by informing us any time including social media channels.

Semi-automatic methods:

  • By downloading any of our mobile applications, using our kiosks, ATMs or internet website or digital channels – in such case, your IP address and your device and its software, how you access these services and how you use them can be collected (we can make other requests or give more detail on how we use your data; for instance we can ask for your location to search for nearby services).

(ii) Methods of CollectingYour Data From Third Parties:

We can semi-automatically collect your information through the below institutions or persons:

  • Turkish Banks Association Risk Center, or companies established by at least five banks or financial institutions and institutions that combat laundering proceeds of crime, financing of terrorism, corruption, bribery, fraud, private and public institutions that provide information from public or private databases – (ID Sharing System, Address Sharing System, Centralized Registry System, National Judicial Network IT System, Income Administration, Trade Registry Office Records, Title Deed Registry Systems, Credit Bureau, Interbank Card Center, WorldCheck, Swift KYC, Bankers Almanac, Orbis etc.)
  • Enterprises that help us improve your personal data and enable us to offer more relevant and attractive products and services,
  • Merchants and POS devices
  • R.T. Ministry of Treasury and Finance, General Directorate of Highways, Postal Services, invoice production companies and persons and institutions you interact with for your payments/collections
  • International money transfer intermediators like SWIFT
  • Parties that the bank receives complementary or extended services such as fax, postal, cargo or courier, contracted companies and support services and outsource companies and dealers and sales offices,
  • Other banks and financial institutions (for instance, when you want to see their accounts in our platforms or when we query wrong payments)
  • Publicly available data such as media news and online records or sequences

We can collect data through the institutions and persons below through non-automatic methods:

  • Unions and associations such as trade and artisan chambers
  • Joint account holders
  • Persons assigned to act on your behalf
  • Companies you own or you are associated with – investment companies, partnerships or business partnerships along with their directors, shareholders, trustees, authorized persons or proxies
  • Employers
  • Social Security Institution
  • Companies whose activities we carry out via intermediation and agency

If you give us personal data about other people (such as your family or joint account holders), or you ask us to share their personal data with third parties, you confirm that they understand the information in this notice about how we will use their personal data.

4. What we use your personal data for and the legal basis for doing so

We must have a legal basis (lawful reason) to process your personal data. In scope of the LPPD, when we process your personal data, we need to fulfill at least one legal basis defined for processing. There are a few different legal basis for our evolving activities and these reasons and their purposes for processing are given hereunder.

What we use your personal data for The legal basis for doing so

Primarily for banking services, capital market transactions, investment products, cash management services, foreign trade services, loan procurement services, insurance, pension and other agency services and intermediary services; to offer you all our services as per transactions given under article 4 of Banking Law numbered 5411 and those in relation to banking, investment, insurance and finance products, fulfil open banking services and all transactions therein, to carry out, improve and execute operational process and also for the execution of agreements we enter into with third parties in order to offer you these products and services

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws
According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract.
According to the article 5/2 (ç) of LPPD  processing is;mandatory for the controller to be able to perform his legal obligations
According to the article 5/2 (f)* of LPPD
According to the article 5/2 (f)* of LPPD it is in our legitimate interests to make sure that
our customer accounts are well-managed, so that
our customers are provided with a high standard of
service, and to protect our business interests and
the interests of our customers .

To contact you about your products or services or about legal or legislative issues

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws
According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract.
According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

To manage all complaints and requests including customer relations, experience, satisfaction, complaint, objection, request and proposal along with follow u and execution of legal processes

According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (e) of LPPD  data processing is mandatory for the establishment, exercise or protection of any
right According to the article 5/2 (f)* of LPPD it is in our legitimate interests to make sure that
complaints are investigated (for example, so that
our customers receive a high standard of service
and we can prevent complaints from arising in
the future).

To check your instructions to us, to analyse, assess
and improve our services, and for training and
quality purposes
(We may monitor or record any communications
between you and us, including phone calls, for
these purposes.)

According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to check the orders you place at our bank, to prevent and detect fraud and other crimes, analyze, assess, improve  our services, to do these for training purposes and improve the services offered to customer

To check national and international lists as per legislation on the prevention of laundering proceeds of crime and financing of terrorism along with the prevention of weapons of mass destruction that our bank is subject to, to fulfil know-your customer principle by identification, recording occupation, income and transactions to confirm ID and addresses, execute compliance processes as per foreign legislation

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws
According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract.
According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to detect, prevent and analyze fraud, anti-money laundering, terrorism financing and other crimes and verify your ID to protect our bank

To offer our products and services in scope of capital market activities including banking, insurance, pension, finance and investment along with products and services of other companies of DFSG or institutions we collaborate with, intermediate for or act as agency, to contact you, make offers, carry out promotion, marketing, cross sell and campaign activities and design tailored marketing and promotion activities for you

Having your explicit consent as per article 5(1) of LPPD

To use the data to provide better services for you, calculate product and service priority and determine points of service (for instance, use of Q-matics)

It is in our legitimate interest for our customers to receive high standard services as per article 5/2 (f)* of LPPD

To make debt collection and exercise our other rights as per any agreements we enter into with you; also to protect ourselves against possible damages to our property rights and interests

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws
According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract.
According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to make sure we can recover the debts owned to us, as well as making sure our assets are protected.

To offer services related to insurance, investment and finance products the bank intermediates for as agency and insurance products it offers with the capacity of pledge and creditor and/or fulfil services in relation to these

According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract.
According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to offer you insurance products and receive price quotes on these products.

To respond to your payment initiation and account information service requests for your accounts at other payment service providers or to offer account information and payment initiation service for your accounts at our bank (if you request information from us that a third party provider needs)

When information is requested on account movements by account holder customers at our bank and/or intermediaries they authorize with whom you have collection or payment relations via products such as money transfer,check, bill payment  (for instance, your data (such as ID number/tax number) are indirectly sent to the counterparty through our account movement integration product)

According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract.
According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

To prevent and detect fraud, anti-money laundering, terrorism financing and other crimes (identity theft etc.) through planning, auditing or executing information security processes and ensuring the security of locations such as bank branches and ATMs along with bank systems and operations

(for instance, we can use CCTV systems to monitor and/or collect visuals or audio records (or both) outside our office buildings or perimeters)

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws
According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to check your ID and keep to currently enforced laws in order to protect our organization by preventing and detceting fraud, anti-money laundering, terrorism financing and other crimes

To keep to with currently enforced laws and regulations and collaborate with regulatory authorities and police department (to fulfil obligations arising from Banking Law, Bank Cards And Credit Cards Law, Laws And Regulations On Payment And Securities Reconciliation Systems, Payment Services And Electronic Money Institutions and legislation our bank is subject to and to keep to legislation on AML and Preventing Terrorism Financing besides domestic and international legislation) to utilize the system (“İYS”) that enable to receive commercial electronic notification approvals as per Law on Regulation of Electronic Trade numbered 6563 and the underlying Regulation on Commercial Communication and Commercial Electronic Notifications, to exercise right to refuse and manage complaint processes,
To comply with information safekeeping, reporting and notification obligations foreseen by the BRSA (Banking Regulation and Supervision Agency ),CMB, CBT (Capital Markets Board of Turkey), CBT (The Central Bank of the Republic of Turkey),, MASAK (Financial Crimes Investigation Board) , TBB (Banks Association of Turkey), KOSGEB, Income Administration, Under-secretariat of Treasury, SSI, Central Registry Agency, Turkish Ministry of Treasury and Finance, Credit Bureau, Risk Center, TBB and other authorities,
To fulfil our identification and access obligations regulated under Regulation on Bank Information Systems and Electronic Banking Services

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to protect our organization

To evulate and analyze data by assessing and analyzing data including credits, behavior scoring, market research, survey and statistic studies to improve, offer and develop products and services

Having your explicit consent as per article 5(1) of LPPD

To make the marketing messages/ads you receive to be more attractive and to improve your experience in our advertisement marketing follow up, mobile applications and internet website

We need your explicit consent to send you marketing messages as per article 5(1) of LPPD
According to the article 5/2 (f)* of LPPD it is in our legitimate interest to offer information on conditions of customers

Keeping traffic information log as per the Law on Regulating Online Publications and Combating Crimes Through these Publications numbered 5651 in case internet access is used; to record and audit communication, correspondence and transactions

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

As per article 42 of Banking Law numbered 5411 and in accordance with article 17 of Regulation on Terms and Conditions of Accounting Principles of Banks and Safekeeping of Documents and based on other legislation the bank is bound by; for arranging and safekeeping all electronic (SWIFT, internet/mobile banking, head office units, branches, kiosks, ATMs, internet branch, call center and all other similar channels) and paper records and documents associated with transactions based on the legal obligation of our bank to keep them for 10 years,

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

To carry out the support services given as per the permission of BRSA on extending services and the risk, audit and operational services conducted with subsidiaries in accordance with Banking Law and other legislation for planning relations or risk management with shareholders along with preparing consolidated financial statements for main shareholders as per article 73/4 of Banking Law

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

For valuation studies to be made by possible buyer for the purpose of 10% or more of shares in capital which are acquired directly or indirectly as per article 73/4 of Banking Law or for valuation studies to be made for assets or asset backed securities including loans

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

For valuation, rating and independent audit activities as per article 73/4 of Banking Law

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws  
According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

Even if you are not a customer; to define your risk group for determining loan thresholds to be lent to a risk group as per banking legislation, to determine loan thresholds, to report and control (article 49 of banking law explains defining risk groups. Besides, other natural and legal persons to be included in risk groups are determined by the Turkish BRSA)

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to protect our organization

To notify the closest branch/ATM to your location through our website or other applications upon your request; to notify weather forecast for your location, video calls you make with agents to answer questions or carry out transactions or to develop and offer you new technologies like voice activated chatbot

According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract.
According to the article 5/2 (e) of LPPD  data processing is mandatory for the establishment, exercise or protection of any
right According to the article 5/2 (f)* of LPPD it is in our legitimate interest to sustain our competitive edge besides improving and developing our products and services in order to continue offering these products and services to customers

To contact you through mail, phone, SMS, e-mail, ATM and other digital methods. The purpose may be the following:

  • To help you manage your accounts, to get your order and document approvals
  • To fulfil our legal obligations,
  • To provide your account statements and other information linked to your account or our relationship
  • To notify you on our products and services you own and to send you information on products, services, awards, offers, promotions and contests that may be of interest

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract. According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to share information with you on products and services that could be beneficial or to your interest
To have your explicit consent to inform you on products and services you own and to send you information on products, services, awards, offers, promotions as per article 5/1 of LPPD
When we send you marketing messages, you can always inform us you do not wish to receive them.

After the restructuring, sale or purchasing of any DFSG companies or debts; to transfer your information to the organization to where your account is/will be transferred or to share these with that organization

According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest for any part of our organization or any DenizBank debt to be restructured or sold

As per article 5 of Regulation on Compliance Program towards Obligations on Preventing Laundering Proceeds of Crime and Financing of Terrorism; to ensure that the compliance program of DFSG is applied across the financial group and to share information on know-your customer, account and transactions within the group,

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws Explicitly According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to detect, prevent and analyze fraud, anti-money laundering, terrorism financing and other crimes and verify your ID to protect our bank

To share your information with Turkish or other related tax authorities, Turkish Banks Association Risk Center and companies founded by at least five banks or financial institutions, companies that combat fraud, regulatory bodies and authorities in Turkey

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to make certain credit controls to take responsible commercial decisions. As a responsible organization, we need to ensure that we only offer appropriate products and services for individuals and that we continue to manage our services.
It is in our legitimate interest to help prevent and detect fraud and other crimes.
It is in our legitimate interest to help domestic and foreign regulatory authorities to ensure banks keep with laws and regulations.

For the management, planning and execution of relations and processes with support/outsource service providers, business partners or suppliers

According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract. According to the article 5/2 (f)* of LPPD it is in our legitimate interest to use other organizations for them to offer services on our behalf.

For planning or execution of internal systems, IT, operations, audit, internal control, risk monitoring, risk management, ethics and financial risk processes of our bank

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

To carry out a transaction if you are a representatives/authorized person for any natural or other person to transact with or without a bank account,

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract. According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations

When any commercial customer requests a loan and/or investment product; to assess the loan history, credibility and loan conditions of the owner, partner and manager of the natural person commercial customer in order to assess the request

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract. According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD It is in our legitimate interest to make sure our assets are prudently protected.

To assess loans and collaterals, research intelligence and information and manage loan sales, allocation, lending, follow up and monitoring processes

According to the article 5/2(a) of LPPD processing is clearly provided for by the laws According to the article 5/2 (c) of LPPD processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract. According to the article 5/2 (ç) of LPPD  processing is mandatory for the controller to be able to perform his legal obligations According to the article 5/2 (f)* of LPPD it is in our legitimate interest to make sure our bank assets are protected.

*We carry out data processing activities on condition that we do not harm your fundamental rights and freedom, as long as there is a compulsory legal reason to process the data as the data controller, as per article 5/2 (f) of LPPD.

Special Categories of Personal Data

Race, ethnicity, political opinion, philosophical belief, religion, sect and other beliefs, clothing style, association, foundation or union membership, health, sexuality, criminal conviction and data on security measures along with biometric and genetic data are considered to be under special category.

Your data categorized as special may be processed in the following events:

What we use your special categories of personal data for Legal basis for doing so

We may use your biometric data for the purposes indicated in the above table.

If you apply to become a customer through remote identification, we will process your biometric data while the video call if we get your explicit consent as per article 6(2) of LPPD.
We will process your biometric data regardless of seeking your explicit consent as per article 6(3) of LPPD, only for conditions stipulated by law.

We may use your health data for purpose indicate in the above data (for instance, to offer insurance products or price quotes, to select special conditions such as Braille alphabet for account statements when system developments are made, to prepare an insurance policy draft when you buy health/life insurance and/or private pension products (and/or if needed as collateral for a loan that is allocated)

We will process the data if we receive your explicit consent as per article 6(2) of LPPD.

To comply with laws and regulations and cooperate with regulatory authorities and police departments (for instance, all your data in your ID can be processed as we are legally obliged to keep a copy of your ID)

It is stipulated by law as per article 6(3) of LPPD.

5. Who we will share your personal data withAnd For What Purposes

Your personal data is shared with the below parties, for the below reasons:

DenizBank Financial Services Group Enterprises
Your personal data may be processed as per conditions set forth in article 9 on transfer of personal data abroad and article 8 on transferring personal data under LPPD in order to be used in consolidated financial statement preparations, risk management and assessment studies and registered in central information system of our shareholder for internal audit practices as per article 73/4 of banking law; to disseminate the compliance program of DFSG as per article 5 of Regulation on Compliance Program for Obligations to Prevent Anti-Money Laundering and Terrorism Financing across the financial group as well as to know-the-customer and share information on accounts and transactions in the group and for support services realized as per extension permissions granted by the BRSA; by companies and persons within the company group our bank is included in, direct and indirect subsidiaries of our bank both domestic and abroad, main shareholder and other shareholders of our bank and their affiliates, employees, company officers, legal, financial and tax consultants and auditors.
You can access domestic and foreign subsidiaries of our bank, our main shareholder, holding companies and subsidiaries of our main shareholder and our risk group along with titles, countries and address information on https://www.denizbank.com/_files/denizbank-financial-services-group-support-services-organizations.pdf

Data can be shared with payment transaction service providers and other institutions that help us carry out payments and other companies that are members of payment programs or offer payments in certain payment types in order to offer you products and services you receive from us.
(Including Europay INT.SA, Moneygram Group (Moneygram Payment Systems Inc. ve Moneygram Turkey Ödeme Sistemleri A.Ş.), MasterCard INT.INC., Visa INC., JCB CO., LTD., Maestro, Electron and card payment system companies that are established abroad or domestically and ar included in Law numbered 6493 and other legislation)

Third Party Payment Providers. If there is need to confirm that the payment is made to the correct account, your (only) data related to this purpose can be shared with persons who paid into your account.

Other banks and Financial institutions and merchants: If a payment is made to your account by mistake, details about you and the wrong payment can be shared with the sender banks to they can collect the said amount. Your personal data can be transferred to correspondent banks, international or domestic banks, merchants and financial institutions for sharing electronic transfer messages, foreign trade transactions, secure financial transaction messages linked to all kinds of money transfers to be made domestically or internationally including inter-bank and/or swift systems; for global payment and loan transactions and electronic transactions, domestic and international collateral transactions and liquidation of payment transactions and those associated with these proceedings.

Independent third party service providers with whom you ask us to share data with (or third parties authorized to give orders on your behalf) (for instance service providers to start payments or provide account information). If we share your data with these third parties, we do not have any control on the use of them by these parties. You (or third parties authorized to give orders on your behalf) would have to settle directly with these third parties.

Companies to which you made payments through your DenizBank account and need our help to make the payment to your account at their organization (like companies that offer public services). For instance, your personal data can be shared with Ministry of Treasury and Finance for your tax debts, invoice production companies for invoice payments, companies offering games of chance for lottery payments, General Directorate for Highways for bridge/toll payments, Postal Services and private build/operate/transfer companies for collections.

Our service providers and agencies (including their sub-contractors). Your personal data can be shared with support services companies, contracted consultants, institutions, parties, suppliers, outsource providers, cloud service providers, mobile service providers authorized by IT and Communications Authority, attorneys, law offices, notaries, company auditors, independent audit, rating and valuation companies and other professional consultants and contracted companies that complement our bank services or act as an extension.

Your data can be shared with these persons and companies in order to design, develop and sustain internet based tools and applications; receive application or infrastructure (cloud) services; manage marketing activities or events and customer communication; prepare reports and statistics; confirm and detect contact information; printing materials and designing products; advertisements in applications and websites; receive legal, audit services or other specialized services; follow up and manage legal processes; audit our activities for legislative compliance; give postal services by our agencies; archive physical records; manage securitizations; offer or receive intermediary collection services.

Support Service Institutions can be classified categorically as archive services, information systems, operational services, call center, marketing, collection and security and you can reach them via https://www.denizbank.com/_files/denizbank-financial-services-group-support-services-organizations.pdf

Your personal data can be shared with our business partners who offer services with, agencies and brokers who act on our behalf or who we provide products and services collectively such as insurance and intermediary, agency companies to fulfil our obligations arising from intermediary, agency activities. (for instance, hotel or airline business partners, business partners for card programs or those that have their name or logos on our credit cards or bank cards). Your data can be shared with other service providers and agencies that serve on behalf of our business partners.

Insurance providers including insurers, damage consultants and other related third parties. When you request an insurance compensation, information you give to us or the insurer can be logged in records. This data can be shared with other insurers.

Head Office of the National Lottery: Your personal data can be shared with the Head Office of the National Lottery if you join any campaigns or raffles offered by our bank.

Public Bodies and Authorities: If we are legally obliged, your data will be shared with BRSA, PPD Authority, CMB, CBT, MASAK, Banks Association of Turkey, KOSGEB, Income Administration, Under-secretariat of Treasury, SSI, IT and Communications, ministries, judicial bodies, police, public prosecutors, courts and arbitration/intermediary organs that are legally authorized public or private bodies and persons indicated in article 73 of banking law.

Your personal data can be shared for the sale of our receivables or for valuation studies of our shares with third parties, possible buyers and asset management companies after any DFSG company or debt is restructured, sold or acquired.

Your personal data can be shared with anyone we transfer or assign (or may transfer and assign) our rights and obligations, as much as permitted by terms and conditions in any of your agreements signed with us.

Your personal data can be shared with the consultants you authorized to represent you (accountants, attorneys and other professionals) or any other person you indicate as authorized to place orders on your behalf and utilize accounts, products and services (with Power of attorney).

Your personal data can be shared with Turkish and foreign regulatory authorities, police department and authorized bodies in relation to combating crimes (directly or through third parties like the credit bureau) or for social and economic statistical research. Payment details may also be shared (including information on other parties’ party to the payment).

Institutions that combat fraud: If you give us wrong or fake information, we will notify this to institutions that combat fraud at all times. This will enable other organizations (within and outside of Turkey) including the police department to use this information to prevent and detect fraud and other crimes.

Risk center or companies established by at least five banks or financial institutions (interbank card center, credit bureau etc.): Your personal data can be shared to manage risk management and monitoring activities.

US and/or US Corporations: If you are a natural or legal person from the USA and/or EU or if you transact in USA and/or EU  markets or if you are subject to USA and/or EU tax laws or for all other legal necessities, your account number, address, ID, occupation, account, transaction and data can be shared with the USA Dodd Frank (Dodd Frank Wall Street Reform and Consumer Protection Act) ve FATCA (Foreign Account Tax Compliance Act), ISDA (International Swaps and Derivatives Association) and the European Union (EU) EMIR (European Market Infrastructure Regulation) and CRS (Common Reporting Standard) laws and other regulations, U.S. Internal Revenue Service (IRS), European Capital Markets Association (ESMA) and/or all other US and/or EU companies and enterprises and be processed by them.

Laws and regulations may oblige us to share your account information with tax authorities directly or through local tax offices. These tax offices may share the said information with other suitable tax authorities.

If you make any donations, your data can be shared with associations and foundations.

Your personal data can be shared with other third parties if you give explicit consent or upon your request.

Insured and Insurer: If you buy an insurance products within our Bank or our company group or through another company, your data can be shared with relevant insurance companies.
Details on how our insurance business partners will use your data (including the personal data you will directly give them) are given in the explanations provided by insurance companies.

Domestic and international independent audit companies, rating agencies and specialized enterprises; Your data can be shared for audit, rating and credit restructuring processes and for executing assessments on the applicability of restructuring and detecting financial conditions.

If a loan you utilize from our bank is allocated to you through us indirectly from a foreign financial institution (EIB, EBRD, GGF, EFSE, IFC, EIF, AFD, Proparco; AIIB) or if funds that domestic financial institutions TKB, Turkish Eximbank, TSKB secure from abroad are allocated to you through us as an intermediating financial institution; your personal data can be shared with these financial institutions and the third parties they are obliged to give information in order to carry out internal audit, internal control, risk management, risk monitoring, credit lending and credit restructuring activities.

6. Risk Centre of the Banks Association of Turkey

We conduct credit and ID controls about you together with the Risk Centre of the Banks Association of Turkey or companies established by at least five banks or financial institutions (Interbank Card Centre, Credit Bureau, etc.) and fraud prevention institutions. To do this, we provide the said entities with your personal data and they provide us with information about you.

In sub-paragraph h of article 3 of the Regulation on Risk Centre of the Banks Association of Turkey, Risk Centre has been defined as the centre not having a separate legal personality, established as part of the Banks Association of Turkey, in order to gather risk information about customers of crediting institutions and other financial institutions to be deemed fit by the Board, and to share such information with the said institutions and with natural persons or legal entities themselves or subject to prior consent, as stipulated in the Law numbered 6111 and Supplementary Article 1 of the Banking Law.

Article 9 of the Regulation on Risk Centre of the Banks Association of Turkey stipulates the scope, format and contents of information to be provided by members to the Risk Centre. We share your information stipulated in article 9 with the Risk Centre. From the Risk Centre, we receive your information stipulated in article 10 entitled “Sharing of Information Held by the Risk Centre with Members” of the same regulation.

Even if you are not our customer, to determine the credit limits that can be lent to a risk group as per the banking legislation, your personal data can be processed to identify the risk group which you will be included in, to determine, monitor, report and control the credit limit to be lent (Article 49 of the Banking Law explains identification of risk groups. Besides those, the Banking Regulation and Supervision Agency of the Republic of Turkey shall identify other natural and legal persons that will be included in the risk group).

7. Keeping Your Information

Pursuant to Article 42 of the Banking Law numbered 5411 and Article 17 of the Regulation on Principles and Procedures Pertaining to Accounting Practices of Banks and Retention of Documents, it is legally mandatory for our Bank to retain your information and documents for a period of ten years. In the event that you request that your personal data to be erased, your personal data shall be erased, destructed or anonymised at the end of a 10-year retention period, if you no longer receive services from our bank actively and all the conditions requiring processing of your data have disappeared.

8. Automated Processing

The way we analyse personal data relating to our services may involve profiling. This means that we may process your personal data using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may also use profiling, or other automated methods, to make decisions about you that relate to the following:

  • Credit and affordability checks to see whether your application will be acceptedIf automated decisions are necessary for us to enter into a contract. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products, based on your credit history and other financial information we have collected about youTo determine credit limits,
  • For controls related to prevention of laundering proceedings of crime, and checks related to financial sanctions,
  • To be informed about the purpose of account opening and purpose of the requested product and transaction, consider and accept the suitability of account opening request, for ID checks, customer due diligence and address controls,
  • Monitoring your account for fraud and other financial crime, either to prevent you committing fraud, or to prevent you becoming a victim of fraud
  • Deciding whether an account is dormant (not used anymore) or not, to close if dormant,
  • If we have your explicit consent, to select customised offers, discounts or recommendations to send to you, based on various factors such as your credit history and how you use your accounts and products at our institution, by making an assessment on your credit and solvency,
  • To help you manage your financial situation by categorising your expenditures and presenting such information to you in different ways,
  • To help us determine our overall credit risk as a bank,
  • To help us specify product prices.

Pursuant to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and Personal Data Protection Law, you have rights related to automated decision making. As per article 11(g) of the Personal Data Protection Law, you may object to a consequence against you that occurs due to analysis of your personal data exclusively by automated systems. You can contact us to exercise this right.

9. Cookies

We may use cookies and similar technologies on our websites and applications as well as in our e-mails. Cookies are text files collecting small amounts of information stored in web browsers when you visit a website. You may access our cookies policy through the following link: https://www.denizbank.com/en/about-us/cookie-policy.aspx

10. Your Rights

Pursuant to article 11 of the Personal Data Protection Law, you have the following rights related to your personal data:

a) to learn whether your personal data are processed or not,

b) to request information if your personal data are processed,

c) to learn the purpose of your data processing and whether this data is used for intended purposes,

d) to know the third parties to whom your personal data is transferred at home or abroad,

e) To request correction if your personal data were processed incompletely or inaccurately and to request that third persons, to whom your personal data are transferred, get notified about the transactions carried out within this scope,

f) Despite being processed as per the provisions of the Law numbered 6698 and other relevant laws, in the event that reasons requiring the processing have disappeared, to request the erasure or destruction of your personal data and to request that third persons, to whom your personal data are transferred, get notified about the transactions carried out within this scope,

g) to object to the processing, exclusively by automatic means, of your personal data, which leads to an unfavourable consequence for you.,

h) to request compensation for the damage arising from the unlawful processing of your personal data.

Pursuant to the Personal Data Protection Law numbered 6698, you can exercise your rights related to your personal data by filling out the form by choosing the sub-headings “Complaints – Retail Banking – Report Personal Data Protection Law Complaints” available at the link https://www.denizbank.com/en/bilgi-limani/CustomerSatisfaction.aspx or through one of the channels below:

  • By applying in person to our Head Office located in Büyükdere Cad. No: 141 34394 Esentepe – ISTANBUL or any of our branches or via notary in writing,
  • By sending your application by e-mail to denizbank.haberlesme@hs04.kep.tr, using your registered e-mail address,
  • By sending an e-mail to oncemusteri@denizbank.com, using your personal e-mail address with secure electronic signature or mobile signature or the e-mail address you used to register our system,
  • By contacting our Bank’s Call Centre at 0850 222 0 800,
  • By using another method specified within the scope of the Communiqué on the Principles and Procedures for the Request to Data Controller

Your application must include the following:

a) Your name, surname, and signature if your application is in writing,

b) (For Republic of Turkey citizens) Your Republic of Turkey ID Number, (for foreigners) your nationality, passport number or ID number, if any,

c) Your residential or work address that is the basis for the notification,

ç) Your e-mail address, telephone number, fax number, if any, that is the basis for such reporting,

d) Subject matter of the request.

Your request shall be finalised as soon as possible and within thirty (30) days at the latest, free of charge. If transactions pertaining to your request entail a separate cost, a fee may be charged from you as per the tariff stated by the Authority.

Personal Data Protection, Storage and Destruction Policy