Goto Menu Goto Content

Accounts

Cards

Loans

Digital Products

1. Purpose and Scope

This Data Privacy Notice (‘Notice’) has been prepared in accordance with the Law on Protection of Personal Data (LPPD) numbered 6698 in order to inform you on your personal data processed by DenizBank A.Ş., methods of collecting your personal data, legal basis and purpose of processing your personal data, persons/institutions where your personal data are transferred to, purpose of transfer and rights on natural persons whose personal data are processed.

As DenizBank A.Ş. we act as the Data Controller as per LPPD and take necessary measures on processing and keeping your personal data.

The table below shows information on our bank that processes your personal data.

Title DENİZBANK A.Ş.
Address Büyükdere Cad. No:141 Esentepe 34394 Şişli / ISTANBUL
Central Registry System / Registry No. 0292-0084-4960-0341 / 368587 

This Notice is valid for the natural persons indicated below:

  • All our current and potential customers (“Customers”): Certain parts of the Notice may only be valid for our customers who have certain accounts and products within our bank. These circumstances have been explicitly stated in this Notice to inform you.
  • Persons who are not our customers: Persons who are not our customers refer to any person who transacts through our bank whether or not through an account, natural persons who are/will be party to any collateral allocated/to be allocated in favour of our bank (surety, guarantor, assignee/pledge debtor, spouses where sought by legislation for consent), natural persons who visit our bank website, head office or branch, natural persons who are shareholders, final real beneficiaries, Board members or representatives/authorized persons of any companies that are our customers, natural persons who carry out other transactions with our bank or our customers.

DenizBank Financial Services Group (DFSG) entities under this Notice refers to direct and indirect domestic and foreign subsidiaries of DenizBank and other shareholders including the shareholder together with their sister companies and subsidiaries.

2. Your Processed Personal Data

Your personal data processed by our bank are listed in the table below on the basis of categories:

Data Category Personal Data
Identity Name-surname, mother’s and father’s name, mother’s maiden name, date of birth, place of birth, marital status, ID card serial number, Republic of Turkey ID number, etc.
Contact Information Address number, e-mail address, contact address, registered e-mail address (KEP), telephone number, etc.
Location Location information of the person’s whereabouts, etc.
Legal Proceedings Information in correspondence with judicial authorities, information in court files, etc.
Customer Transactions Call centre records, information on invoices, bills of exchange, cheques, information on pay desk slips, request and instruction information, etc.
Security of Physical Venue Records on entrance and exit to/from physical venue, camera footage, etc.
Transaction Security IP address information, website log in – log out information, password and passcode information, etc.
Risk Management Information processed for the management of commercial, technical, administrative risks, etc. (e.g. demographics, data obtained from the Credit Bureau, KPS and APS, score information, etc.)
Finance Balance sheet information, financial performance information, credit and risk information, wealth information, etc.
Professional Experience Profession, title, work information, education status, etc.
Marketing Information shopping history, surveys, cookie logs, information obtained via promos, etc.
Visual and Audio Records Visual and Audio Records, etc. (e.g. call centre records, video-call records, photos, etc.)
Health Information Information on disability, personal health information, etc.
Criminal Convictions and Security Measures Information on criminal conviction, information on security measures, etc.
Biometric Data Face recognition information, etc.

3. Methods of Collecting Your Personal Data

We collect, use, share and keep your information in order to provide you with required products and services and share information on services that may attract you.

Your personal data may be collected directly from you or third persons via methods that are automated, semi-automated or not automated.

(i) Methods of collecting your personal data from you;

With semi-automated methods;

Your personal data in the categories of Identity, Contact Information, Legal Proceedings, Customer Transactions, Security of Physical Venue, Risk Management, Finance, Professional Experience, Marketing, Visual and Audio Records are obtained from you in the following cases:

  • When you visit our head office units, branches, kiosks (for instance, your camera records are logged through CCTVs when you visit our branches, regional offices and head office for security reasons) or use our telephone services,
  • When you apply for our products and services,
  • When you make transactions through our bank's branches and channels in order to make your collections and payments
  • When you write to us (registered e-mails, electronic notifications, electronic mail, postal, fax, short messages, social media methods and other written or audio channels),
  • When you participate in our Bank’s contests or promos,
  • When you use your accounts,
  • When you inform us any time including those via social media channels.

We obtain your personal data in Health Information data category when you apply for an insurance product.

With automated methods:

  • To ensure your transaction security when you download any of our mobile applications, use our kiosks, ATMs or websites or digital services; we may obtain information on your location information, IP address which you device is connected to, your information on logging in and out of online banking, type of the device you use, information on type of operating system, password and passcode information, how you access such services and how you use them, while you use digital environments such as our Bank’s online banking, which are included in transaction security data category. Also, by obtaining your data in the location data category, we may offer you services such as the weather where you are and the nearest ATM.
  • We obtain your biometric data if you request to become our new customer via remote identification method pursuant to the Regulation numbered 31441 or to carry out transactions with our mobile application via remote identification.

(ii) Methods of Collecting Your Data From Third Parties:

We can collect your personal information in the categories of Identity, Contact Information, Legal Proceedings, Customer Transactions, Risk Management, Finance, Marketing, Visual and Audio Records and Criminal Convictions and Security Measures through the below entities and institutions or persons via automated methods:

  • Turkish Banks Association Risk Centre, or companies established by at least five banks or financial institutions as well as institutions that combat laundering proceeds of crime, financing of terrorism, corruption, bribery, fraud; private and public institutions that provide information from public or private databases – (ID Sharing System, Address Sharing System, Centralized Registry System, National Judicial Network IT System, Revenue Administration, Trade Registry Office Records, Title Deed Registry Systems, Credit Bureau, Interbank Card Centre, WorldCheck, Swift KYC, Bankers Almanac, Orbis, etc.)
  • Contracted hardware or software services and contracted institutions that help us improve your personal data and enable us to offer you more relevant and attractive products and services,
  • Merchants and POS devices
  • Ministry of Treasury and Finance of the Republic of Turkey, Directorate General of Highways, Turkish Post (PTT), invoice production companies and persons and institutions you interact with for your payments/collections
  • International money transfer intermediators like SWIFT
  • Parties that the bank receives complementary or extended services such as fax, post, cargo or courier, contracted companies and support services and outsource companies and dealerships and sales offices,
  • Other banks and financial institutions (for instance, when you want to see their accounts in our platforms or when we query wrong payments)
  • Publicly available data such as media news and online records or directories

We can collect your personal information in the categories of Identity, Contact Information, Legal Proceedings, Risk Management, Finance, Professional Experience through the below entities and institutions or persons via non-automated methods:

  • Unions and associations such as trade and artisan chambers
  • Joint account holders
  • Persons assigned to act on your behalf
  • Companies you own or you are associated with – investment companies, partnerships or business partnerships along with their directors, shareholders, trustees, authorised persons or proxies
  • Employers
  • Social Security Institution
  • Companies whose activities we carry out with the capacity of intermediary and agency
  • Judicial bodies

If you give us personal data about other people (such as your family or joint account holders), or you ask us to share their personal data with third parties, you confirm that you have informed them about this Notice as to how we will use their personal data and that they understand the information in this Notice.

4. What we use your personal data for and the legal basis for doing so

We must have a legal basis (lawful reason) to process your personal data. In scope of the LPPD, when we process your personal data, we need to fulfil at least one legal basis defined for processing.

Cases whereby your personal data may be processed without seeking your explicit consent have been stipulated in paragraph 2 of Article 5. Accordingly:

5/2(a) It is expressly envisaged in the laws.

5/2(b) It is obligatory for the protection of life or bodily integrity of the person himself or herself or of any other person, who is unable to express his or her consent due to factual impossibility or whose consent is not considered legally valid at all.

5/2(c) Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.

5/2(ç) It is mandatory for the data controller to fulfil its legal obligations.

5/2(d) It must be made public by the data subject themselves.

5/2(e) Data processing is mandatory to establish, exercise or protect a right.

5/2(f) Data processing is mandatory for the legitimate interests of the data controller, on condition that such processing does not violate the fundamental rights and freedoms of the data subject.

We have several legal bases for the activities we carry out. Those legal bases and our purpose of processing your personal data have been explained in the table below.

To evaluate and analyse data by assessing and analysing data including credits, behaviour scoring, market research, survey and statistics studies to identify and improve the products and services to be offered to you

PERSONAL DATA CATEGORIES WHAT WE USE YOUR PERSONAL DATA FOR THE LEGAL BASIS FOR DOING SO

Identity, Finance, Visual and Audio Records, Contact Information, Customer Transactions, Transaction Security, Risk Management

Primarily for banking services, capital market transactions, investment products, cash management services, foreign trade services, loan procurement services, insurance, pension and other agency services and intermediary services; to offer you all our services as per transactions given under article 4 of Banking Law numbered 5411 and those in relation to banking, investment, insurance and finance products, fulfil open banking services and all transactions therein, to carry out, improve and execute operational process and also for the execution of agreements we enter into with third parties in order to offer you these products and services

As per article 5/2(a) of LPPD,
As per article 5/2 (c) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,
It is in our legitimate interests to make sure that our customers are provided with a high standard of service, our customer accounts are well managed and to protect our business interests and interests of our customers.

Identity, Finance, Visual and Audio Records, Contact Information, Customer Transactions

To contact you about our products or services or about legal or legislative issues as well as about purposes of providing services.

Article 5/2(a) of LPPD,
Article 5/2 (c) of LPPD,
Article 5/2 (ç) of LPPD.

Identity, Finance, Visual and Audio Records, Contact Information, Legal Proceedings Customer Transactions

To manage all complaints and requests including customer relations, experience, satisfaction, complaint, objection, request and proposal along with follow up and execution of legal processes

As per article 5/2 (ç) of LPPD,
As per article 5/2 (e) of LPPD,
As per article 5/2 (f)* of LPPD,
it is in our legitimate interests to make sure that complaints are investigated (so that our customers receive a high standard of service and we can prevent complaints from arising in the future).

Identity, Finance, Visual and Audio Records, Contact Information, Location, Customer Transactions

To check your instructions to us, to analyse, assess and improve our services, and for training and quality purposes
(We may monitor or record any communications between you and us, including phone calls, for these purposes.)

As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to check the orders you place at our bank, to prevent and detect fraud and other crimes, analyse, assess, improve our services to our customers, to do these for training purposes and improve the services offered to customer.

Identity, Finance, Visual and Audio Records, Contact Information, Legal Proceedings, Customer Transactions, Security of Physical Venue, Transaction Security, Risk Management

To check national and international lists as per legislation on the Prevention of Laundering Proceeds of Crime and Financing of Terrorism along with the Prevention of Weapons of Mass Destruction that our Bank is subject to, to fulfil know-your customer principle by identification, recording information such as occupation, income status and purpose of transaction to detect and confirm ID and addresses, execute compliance processes as per foreign legislation

As per article 5/2(a) of LPPD,
As per article 5/2 (c) of LPPD,
As per article 5/2 (ç) of LPPD, As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to detect, prevent and analyse fraud, laundering proceeds of crime, terrorism financing and other crimes and verify your ID to protect our Bank.

Identity, Finance, Marketing, Customer Transactions, Transaction Security, Contact Information, Professional Experience

To offer our products and services in scope of capital market activities including banking, insurance, pension, finance and investment along with products and services of other companies of DFSG or institutions we collaborate with, intermediate for or act as agency, to contact you, make offers, carry out promotion, marketing, cross sell and campaign activities and design tailored marketing and promotion activities for you

Having your explicit consent as per article 5(1) of LPPD

Identity, Customer Transactions, Transaction Security

To use the data to provide better services for you, calculate product and service priority and determine points of service (for instance, use of Q-matics)

It is in our legitimate interest for our customers to receive high standard services as per article 5/2 (f)* of LPPD

Identity, Finance, Visual and Audio Records, Contact Information, Legal Proceedings, Transaction Security, Risk Management

To make debt collection and exercise our other rights as per any agreements we enter into with you; also to protect ourselves against possible damages to our property rights and interests

As per article 5/2(a) of LPPD,
As per article 5/2 (c) of LPPD,
As per article 5/2 (ç) of LPPD, As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to make sure we can recover the debts owned to us, as well as making sure our assets are protected.

Identity, Finance, Contact Information, Customer Transactions, Health Data

To offer services related to insurance, investment and finance products the bank intermediates for as agency and insurance products it offers with the capacity of pledge and creditor and/or fulfil services in relation to these

As per article 5/2 (c) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to offer you insurance products and receive price quotes on these products. We will process your health data in the event that we receive your explicit consent as per article 6 (2) of the LPPD.

Identity, Finance, Contact Information, Customer Transactions

To respond to your payment initiation and account information service requests for your accounts at other payment service providers or to offer account information and payment initiation service for your accounts at our bank (if you request information from us that a third party provider needs)

When information is requested on account movements by account holder customers at our bank and/or intermediaries they authorize with whom you have collection or payment relations via products such as money transfer, cheque, bill payment (for instance, your data (such as ID number/tax number) are indirectly sent to the counterparty through our account movement integration product)

Article 5/2 (c) of LPPD,
Article 5/2 (ç) of LPPD.

Identity, Finance, Contact Information, Location, Legal Proceedings, Customer Transactions, Security of Physical Venue, Visual and Audio Records, Risk Management

To prevent and detect fraud, laundering of proceeds of crime, terrorism financing and other crimes (identity theft etc.) through planning, auditing or executing information security processes and ensuring the security of locations such as bank branches and ATMs along with bank systems and operations (for instance, we can use CCTV systems to monitor and/or collect visuals or audio records (or both) outside our office buildings or perimeters)

As per article 5/2(a) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to check your ID and comply with the applicable laws in order to protect our organization by preventing and investigating fraud, laundering of proceeds of crime, terrorism financing and other crimes.

Identity, Finance, Contact Information, Legal Proceedings, Customer Transactions, Security of Physical Venue, Transaction Security, Risk Management

To comply with currently enforced laws and regulations and collaborate with regulatory authorities and police department (to fulfil obligations arising from Banking Law, Debit Cards And Credit Cards Law, Laws And Regulations On Payment And Securities Reconciliation Systems, Payment Services And Electronic Money Institutions and legislation our bank is subject to and to keep to legislation on AML and Preventing Terrorism Financing besides domestic and international legislation) to utilize the system (“İYS”) that enable to receive commercial electronic notification approvals as per Law on Regulation of Electronic Trade numbered 6563 and the underlying Regulation on Commercial Communication and Commercial Electronic Notifications, to exercise right to refuse and manage complaint processes,
To comply with information safekeeping, reporting and notification obligations foreseen by the BRSA (Banking Regulation and Supervision Agency ), CMB, CBT (Capital Markets Board of Turkey), CBT (The Central Bank of the Republic of Turkey), MASAK (Financial Crimes Investigation Board), TBB (Banks Association of Turkey), KOSGEB, Revenue Administration, Under-secretariat of Treasury, Social Security Institution, Central Registry Agency, Turkish Ministry of Treasury and Finance, Credit Bureau, Risk Centre, TBB and other authorities,
To fulfil our identification and access obligations regulated under Regulation on Bank Information Systems and Electronic Banking Services

As per article 5/2(a) of LPPD
, As per article 5/2 (ç) of LPPD, As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to protect our organization

Identity, Finance, Contact Information, Legal Proceedings, Customer Transactions, Security of Physical Venue, Transaction Security, Risk Management

To comply with currently enforced laws and regulations and collaborate with regulatory authorities and police department (to fulfil obligations arising from Banking Law, Debit Cards And Credit Cards Law, Laws And Regulations On Payment And Securities Reconciliation Systems, Payment Services And Electronic Money Institutions and legislation our bank is subject to and to keep to legislation on AML and Preventing Terrorism Financing besides domestic and international legislation) to utilize the system (“İYS”) that enable to receive commercial electronic notification approvals as per Law on Regulation of Electronic Trade numbered 6563 and the underlying Regulation on Commercial Communication and Commercial Electronic Notifications, to exercise right to refuse and manage complaint processes,
To comply with information safekeeping, reporting and notification obligations foreseen by the BRSA (Banking Regulation and Supervision Agency ), CMB, CBT (Capital Markets Board of Turkey), CBT (The Central Bank of the Republic of Turkey), MASAK (Financial Crimes Investigation Board), TBB (Banks Association of Turkey), KOSGEB, Revenue Administration, Under-secretariat of Treasury, Social Security Institution, Central Registry Agency, Turkish Ministry of Treasury and Finance, Credit Bureau, Risk Centre, TBB and other authorities,
To fulfil our identification and access obligations regulated under Regulation on Bank Information Systems and Electronic Banking Services

As per article 5/2(a) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to protect our organization

 

Identity, Finance, Marketing, Contact Information, Customer Transactions, Professional Experience

Having your explicit consent as per article 5(1) of LPPD

Identity, Finance, Marketing, Customer Transaction, Professional Experience

To make the marketing messages/ads you receive to be more relevant and attractive to you and to perform advertising and marketing follow up

Having your explicit consent as per article 5(1) of LPPD

Transaction Security

To improve user experience in our mobile applications and website

As per article 5/2(f)* of LPPD, it is in our and our customers’ legitimate interest to improve our customers’ experience on our mobile banking and our website, to ensure their access to applications and our website in an easier, quicker and error-free manner.

Identity, Contact Information, Transaction Security, Customer Transactions

Keeping traffic information log as per the Law on Regulating Online Publications and Combating Crimes Through these Publications numbered 5651 (“the Law”) in case internet access is used; to record and audit communication, correspondence and transactions

Article 5/2(a) of LPPD,
Article 5/2 (ç) of LPPD.

Identity, Finance, Visual and Audio Records, Contact Information, Legal Proceedings, Customer Transactions, Transaction Security

As per article 42 of Banking Law numbered 5411 and in accordance with article 17 of Regulation on Terms and Conditions of Accounting Principles of Banks and Safekeeping of Documents and based on other legislation the bank is bound by; for arranging and safekeeping all electronic (SWIFT, internet/mobile banking, head office units, branches, kiosks, ATMs, internet branch, call centre and all other similar channels) and paper records and documents associated with transactions based on the legal obligation of our bank to keep them for 10 years,

Article 5/2(a) of LPPD,
Article 5/2 (ç) of LPPD. 

Identity, Finance, Contact Information, Customer Transactions, Transaction Security, Risk Management

To carry out the support services given as per the permission of BRSA on extending services and the risk, audit and operational services conducted with subsidiaries in accordance with Banking Law and other legislation for planning relations or risk management with shareholders along with preparing consolidated financial statements for main shareholders as per article 73/4 of Banking Law

Article 5/2(a) of LPPD,
Article 5/2 (c) of LPPD, 
Article 5/2 (ç) of LPPD.

Identity, Finance, Contact Information, Customer Transactions, Risk Management

For appraisal studies to be made by potential buyers for the purpose of 10% or more of shares in capital which are acquired directly or indirectly as per article 73/4 of Banking Law or for valuation studies to be made for assets or asset backed securities including loans

Article 5/2(a) of LPPD,
Article 5/2 (ç) of LPPD.

Identity, Finance, Customer Transactions, Risk Management

For appraisal, rating and independent audit activities as per article 73/4 of Banking Law

Article 5/2(a) of LPPD,
Article 5/2 (ç) of LPPD.

Identity, Finance, Contact Information, Risk Management, Transaction Security

Even if you are not our customer; to define your risk group for determining loan caps to be lent to a risk group as per banking legislation, to determine, monitor, report and control loan caps

As per article 5/2(a) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,

it is in our legitimate interest to protect our organization

Identity, Visual and Audio Records, Contact Information, Location, Transaction Security

To notify the closest branch/ATM to your location through our website or other applications upon your request; to notify weather forecast for your location, video calls you make with agents to answer questions or carry out transactions or to develop and offer you new technologies like voice activated chatbot

As per article 5/2 (c) of LPPD,
As per article 5/2 (e) of LPPD,
As per article 5/2 (f)* of LPPD,

it is in our legitimate interest to sustain our competitive edge besides improving and developing our products and services in order to continue offering these products and services to customers

Identity, Finance, Marketing, Contact Information, Legal Proceedings, Customer Transactions, Transaction Security

To contact you through mail, phone, SMS, e-mail, ATM and other digital methods.
The purpose may be the following:

  • To help you manage your accounts, to get your order and document approvals
  • To fulfil our legal obligations,
  • To provide your account statements and other information linked to your account or our relationship
  • To notify you on our products and services you own and to send you information on products, services, awards, offers, promos and contests that may be of interest

As per article 5/2(a) of LPPD, As per article 5/2 (c) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,

it is in our legitimate interest to share information with you on products and services that could be relevant or beneficial to you.

Having your explicit consent to inform you on products and services you own and to send you information on products, services, awards, offers, promotions as per article 5/1 of LPPD

Identity, Finance, Contact Information, Legal Proceedings, Customer Transactions, Risk Management

After the restructuring, sale or purchasing of any DFSG companies or debts; to transfer your information to the organization to where your account is/will be transferred or to share these with that organization

As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,

it is in our legitimate interest for any part of our organization or any DenizBank debt to be restructured or sold

Identity, Finance, Contact Information, Customer Transactions, Transaction Security, Risk Management

As per article 5 of Regulation on Compliance Program towards Obligations on Preventing Laundering Proceeds of Crime and Financing of Terrorism; to ensure that the compliance program of DFSG is applied across the financial group and to share information on know-your customer, account and transactions within the group,

As per article 5/2(a) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,

it is in our legitimate interest to verify your ID in order  to detect, prevent and analyse fraud, laundering proceeds of crime, terrorism financing and other crimes and protect our bank.

Identity, Finance, Visual and Audio Records, Contact Information, Legal Proceedings, Customer Transactions, Security of Physical Venue, Transaction Security, Risk Management

To share your information with Turkish or other related tax authorities, Banks Association of Turkey Risk Centre and companies founded by at least five banks or financial institutions, companies that combat fraud, regulatory bodies and authorities in Turkey

As per article 5/2(a) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,

it is in our legitimate interest to make certain credit controls to take responsible commercial decisions. As a responsible organization, we need to ensure that we only offer appropriate products and services for individuals and that we continue to manage our services.
It is in our legitimate interest to help prevent and detect fraud and other crimes.
It is in our legitimate interest to help domestic and foreign regulatory authorities to ensure banks keep with laws and regulations.

Identity, Finance, Contact Information, Customer Transactions, Transaction Security

For the management, planning and execution of relations and processes with support/outsource service providers, business partners or suppliers

As per article 5/2 (c) of LPPD, As per article 5/2 (f)* of LPPD,

it is in our legitimate interest to use other organizations for them to offer services on our behalf.

Identity, Finance, Visual and Audio Records, Contact Information, Location, Customer Transactions, Transaction Security, Risk Management

For planning or execution of internal systems, IT, operations, audit, internal control, risk monitoring, risk management, ethics and financial risk processes of our bank

Article 5/2(a) of LPPD,
Article 5/2 (ç) of LPPD. 

Identity, Finance, Contact Information, Customer Transactions, Transaction Security

To carry out a transaction if you are a representatives/authorised person for any natural or other person to transact with or without a bank account,

Article 5/2(a) of LPPD,
Article 5/2 (c) of LPPD, 
Article 5/2 (ç) of LPPD.

Identity, Contact Information, Finance, Customer Transactions, Risk Management

When any commercial customer requests a loan and/or investment product; to assess the loan history, credibility and loan conditions of the owner, partner and manager of the natural person commercial customer in order to assess the request

As per article 5/2 (a) of LPPD,
As per article 5/2 (c) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,

It is in our legitimate interest to make sure our Bank and assets are prudently protected.

Identity, Finance, Contact Information, Legal Proceedings, Customer Transactions, Transaction

To assess loans and collaterals, research intelligence and information and manage loan sales, allocation, lending, follow up and monitoring processes

As per article 5/2 (a) of LPPD,
As per article 5/2 (c) of LPPD,
As per article 5/2 (ç) of LPPD,
As per article 5/2 (f)* of LPPD,

it is in our legitimate interest to make sure our bank assets are protected.

*We carry out data processing activities on condition that we do not harm your fundamental rights and freedoms, as long as there is a compulsory legal reason to process the data as the data controller, as per article 5/2 (f) of LPPD.

Special Categories of Personal Data

Race, ethnicity, political opinion, philosophical belief, religion, sect and other beliefs, attire, association, foundation or union membership, health, sexuality, criminal conviction and data on security measures along with biometric and genetic data are considered to be special categories of personal data.

Your data categorized as special may be processed in the following events:

SPECIAL CATEGORIES OF PERSONAL DATA WHAT WE USE YOUR SPECIAL CATEGORIES OF PERSONAL DATA FOR LEGAL BASIS FOR DOING SO

Health Information

We process your health data to offer you insurance products or price quotes, to select special conditions such as Braille alphabet for account statements when system developments are made, to prepare an insurance policy draft when you buy health/life insurance and/or private pension products (and/or if needed as collateral for a loan that is allocated)

We will process your health data, which is a special category of personal data, if we receive your explicit consent as per article 6 (2) of LPPD.

Criminal Convictions and Security Measures

As per the Cheque Law numbered 5941, we are obliged to enquire your criminal records if you apply to our Bank to open a cheque account

It is stipulated by law as per article 6(3) of LPPD.

Biometric Data

If you request to become our new customer via remote identification method pursuant to the Regulation numbered 31441 or to carry out transactions with our mobile application via remote identification, we process your biometric data in order to fulfil your requests.

We will process your biometric data, which is a special category of personal data, if we receive your explicit consent as per article 6 (2) of LPPD.

In processes whereby we are legally obliged to keep a copy of your ID in order to comply with the laws and regulations that we are subject to and co-operate with regulators and law enforcement organisations, information regarding your blood type and religion (provided on your ID document) is present in our system since we are obliged to keep a copy of your ID document, and they are not subject to any additional processing by our Bank. We will continue to work to destroy such special categories of data from our system.

5. Who we will share your personal data with and For What Purposes

Your personal data is shared with the below parties, for the below reasons:

DenizBank Financial Services Group Entities
Your personal data may be processed as per conditions set forth in article 9 on transfer of personal data abroad and article 8 on transferring personal data under LPPD in order to be used in consolidated financial statement preparations, risk management and assessment studies and registered in central information system of our shareholder for internal audit practices as per article 73/4 of banking law; to disseminate the compliance program of DFSG as per article 5 of Regulation on Compliance Program for Obligations to Prevent Laundering Proceeds of Crime and Terrorism Financing across the financial group as well as to know-the-customer and share information on accounts and transactions in the group and for support services realized as per extension permissions granted by the BRSA; by companies and persons within the company group our bank is included in, direct and indirect subsidiaries of our bank both domestic and abroad, main shareholder and other shareholders of our bank and their affiliates, employees, company officers, legal, financial and tax consultants and auditors.
You can access domestic and foreign subsidiaries of our bank, our main shareholder, holding companies and subsidiaries of our main shareholder and our risk group along with titles, countries and address information on https://www.denizbank.com/kvk/deniz-ve-destek-hizmeti-kuruluslari.aspx.

Data can be shared with payment transaction service providers and other institutions that help us carry out payments and other companies that are members of payment programs or offer payments in certain payment types in order to offer you products and services you receive from us.
(card payment system companies that are established abroad or domestically and are included in Law numbered 6493 and other legislation including Europay INT.SA, Moneygram Group (Moneygram Payment Systems Inc. and Moneygram Turkey Ödeme Sistemleri A.Ş.), MasterCard INT.INC., Visa INC., JCB CO., LTD., Maestro, Electron)

Third Party Payment Providers. If there is need to confirm that the payment is made to the correct account, your data related to this purpose only can be shared with persons who paid into your account.

Other banks and Financial institutions and merchants: If a payment is made to your account by mistake, details about you and the wrong payment can be shared with the sender banks to they can collect the said amount. Your personal data can be transferred to correspondent banks, international or domestic banks, merchants and financial institutions for sharing electronic transfer messages, foreign trade transactions, secure financial transaction messages linked to all kinds of money transfers to be made domestically or internationally including inter-bank and/or swift systems; for global payment and loan transactions and electronic transactions, domestic and international collateral transactions and liquidation of payment transactions and those associated with these proceedings.

Independent third party service providers with whom you ask us to share data with (or third parties authorized to give orders on your behalf) (for instance service providers to initiate payments or provide account information). If we share your data with these third parties, we do not have any control on the use of them by these parties. You (or third parties authorized to give orders on your behalf) would have to settle directly with these third parties.

Companies to which you made payments through your DenizBank account and need our help to make the payment to your account at their organization (like companies that offer public services). For instance, your personal data can be shared with Ministry of Treasury and Finance for your tax debt payments, with invoice production companies for invoice payments, with companies offering games of chance for lottery payments, with Directorate General for Highways, Turkish Post and private build/operate/transfer companies for bridge/toll payments, with persons and entities that you have relations with for your collections.

Our service providers and agencies (including their sub-contractors). Your personal data can be shared with support services companies, contracted consultants, institutions, parties, suppliers, outsource providers, cloud service providers, mobile service providers authorized by IT and Communications Authority, attorneys, law offices, notaries, company auditors, independent audit, rating and appraisal companies and other professional consultants and contracted companies that complement our bank services or act as an extension.

Your data can be shared with these persons and companies in order to design, develop and sustain internet based tools and applications; receive application or infrastructure (cloud) services; manage marketing activities or events and customer communication; prepare reports and statistics; confirm and detect contact information; printing materials and designing products; advertisements in applications and websites; receive legal, audit services or other specialized services; follow up and manage legal processes; audit our activities for legislative compliance; give postal services by our agencies; archive physical records; manage securitizations; offer or receive intermediary collection services.

Support Service Institutions can be classified categorically as archive services, information systems, operational services, call centre, marketing, collection and security and you can reach them via https://www.denizbank.com/kvk/deniz-ve-destek-hizmeti-kuruluslari.aspx 

Your personal data can be shared with our business partners who offer services with, agencies and brokers who act on our behalf or who we provide products and services collectively such as insurance and intermediary, agency companies to fulfil our obligations arising from intermediary, agency activities. (for instance, hotel or airline business partners, business partners for card programs or those that have their name or logos on our credit cards or debit cards). Your data can be shared with other service providers and agencies that serve on behalf of our business partners.

Insurance providers including insurers, claims specialists and other related third parties. When you request an insurance claim, information you give to us or the insurer can be logged in records. This data can be shared with other insurers.

General Directorate of the National Lottery: Your personal data can be shared with the General Directorate of the National Lottery if you join any campaigns or raffles offered by our bank.

Public Bodies and Authorities: If we are legally obliged, your data will be shared with BRSA, Personal Data Protection Authority/Board, CMB, CBRT, MASAK, Banks Association of Turkey, KOSGEB, Revenue Administration, Under-secretariat of Treasury, SSI, IT and Communications Institution, ministries, judicial bodies, police, public prosecutors, courts and arbitration/intermediary organs that are legally authorized public or private bodies and persons indicated in article 73 of banking law.

Your personal data can be shared for the sale of our receivables or for valuation studies of our shares with third parties, possible buyers and asset management companies after any DFSG company or debt is restructured, sold or acquired.

Your personal data can be shared with anyone we transfer or assign (or may transfer and assign) our rights and obligations, as much as permitted by terms and conditions in any of your agreements signed with us.

Your personal data can be shared with the consultants you authorized to represent you (accountants, attorneys and other professionals) or any other person you indicate as authorized to place orders on your behalf and utilize accounts, products and services (e.g. with Power of attorney).

Your personal data can be shared with Turkish and foreign regulatory authorities, police department and authorized bodies in relation to combating crimes (directly or through third parties like the credit bureau) or for social and economic statistical research. Payment details may also be shared (including information on other parties’ party to the payment).

Institutions that combat fraud: If you give us wrong or false information, we will notify this to institutions that combat fraud at all times. This will enable other organizations (within and outside of Turkey) including the police department to use this information to prevent and detect fraud and other crimes.

Risk centre or companies established by at least five banks or financial institutions (interbank card centre, credit bureau etc.): Your personal data can be shared to manage risk management and monitoring activities.

System integrations shared via public entities and institutions (ID Sharing System, Address Based Population Registration System, etc.): Your personal data can be shared to ensure that your applications are put into process accurately and to make enquiries in the systems for your security within the framework of know your customer obligations.

US and/or RU Corporations: If you are a natural or legal person from the USA and/or EU or if you transact in USA and/or EU  markets or if you are subject to USA and/or EU tax laws or for all other legal necessities, your account number, address, ID, occupation, account, transaction and data can be shared with the USA Dodd Frank (Dodd Frank Wall Street Reform and Consumer Protection Act) and FATCA (Foreign Account Tax Compliance Act), ISDA (International Swaps and Derivatives Association) and the European Union (EU) EMIR (European Market Infrastructure Regulation) and CRS (Common Reporting Standard) laws and other regulations, U.S. Internal Revenue Service (IRS), European Securities and Markets Authority (ESMA) and/or all other relevant US and/or EU companies and enterprises and be processed by them for such purpose.

Laws and regulations may oblige us to share your account information with tax authorities directly or through local tax offices. These tax offices, which we share the information with, may share the said information with other suitable tax authorities.

If you make any donations, your data can be shared with associations and foundations.

Your personal data can be shared with other third parties if you give explicit consent or upon your request.

Insured and Insurer: If you buy an insurance product within our Bank or our company group or through another company, your data can be shared with relevant insurance companies.
Details on how our insurance business partners will use your data (including the personal data you will directly give them) are given in the data privacy notices provided by insurance companies.

Domestic and international independent audit companies, rating agencies and specialized enterprises; Your data can be shared for audit, rating and credit restructuring processes and for executing assessments on the applicability of restructuring and detecting financial conditions.

If a loan you utilize from our bank is allocated to you through us indirectly from a foreign financial institution (EIB, EBRD, GGF, EFSE, IFC, EIF, AFD, Proparco; AIIB) or if funds that domestic financial institutions TKB, Turkish Eximbank, TSKB secure from abroad are allocated to you through us as an intermediating financial institution; your personal data can be shared with these financial institutions and the third parties to whom they are obliged to give information in order to carry out internal audit, internal control, risk management, risk monitoring, credit lending and credit restructuring activities.

6. Risk Centre of the Banks Association of Turkey

We conduct credit and ID controls about you together with the Risk Centre of the Banks Association of Turkey or companies established by at least five banks or financial institutions (Interbank Card Centre, Credit Bureau, etc.) as well as institutions combatting fraud. To do this, we provide the said entities with your personal data and they provide us with information about you.

In sub-paragraph h of article 3 of the Regulation on Risk Centre of the Banks Association of Turkey, Risk Centre has been defined as the centre not having a separate legal personality, established as part of the Banks Association of Turkey, in order to gather risk information about customers of crediting institutions and other financial institutions to be deemed fit by the Board, and to share such information with the said institutions and with natural persons or legal entities themselves or subject to prior consent, as stipulated in the Law numbered 6111 and Supplementary Article 1 of the Banking Law.

Article 9 of the Regulation on Risk Centre of the Banks Association of Turkey stipulates the scope, format and contents of information to be provided by members to the Risk Centre. We share your information stipulated in article 9 with the Risk Centre. From the Risk Centre, we receive your information stipulated in article 10 entitled “Sharing of Information Held by the Risk Centre with Members” of the same regulation.

Even if you are not our customer, to determine the credit limits that can be lent to a risk group as per the banking legislation, your personal data can be processed to identify the risk group which you will be included in, to determine, monitor, report and control the credit limit to be lent (Article 49 of the Banking Law explains identification of risk groups. Besides those, the Banking Regulation and Supervision Agency of the Republic of Turkey shall identify other natural and legal persons that will be included in the risk group).

7. Keeping Your Information

Pursuant to Article 42 of the Banking Law numbered 5411 and Article 17 of the Regulation on Principles and Procedures Pertaining to Accounting Practices of Banks and Retention of Documents, it is legally mandatory for our Bank to retain your information and documents for a period of ten years. In the event that you request that your personal data to be erased, your personal data shall be erased, destructed or anonymised at the end of a 10-year retention period, if you no longer receive services from our bank actively and all the conditions requiring processing of your data have disappeared.

8. Automated Processing

The way we analyse personal data relating to our services may involve profiling. This means that we may process your personal data using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may also use profiling, or other automated methods, to make decisions about you in the following cases:

  • Credit and solvency checks to see whether your application will be accepted
  • If automated processing is necessary for us to enter into a contract with you. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products, based on your credit history and other financial information we have collected about you.
  • To determine credit limits,
  • For controls related to prevention of laundering proceedings of crime, and checks related to financial sanctions,
  • To be informed about the purpose of account opening and purpose of the requested product and transaction, consider and accept the suitability of account opening request, for ID checks, customer due diligence and address controls,
  • Monitoring your account for fraud and other financial crime, either to prevent you committing fraud, or to prevent you becoming a victim of fraud
  • Deciding whether an account is dormant (not used anymore) or not, to close if dormant,
  • If we have your explicit consent, to select customised offers, discounts or recommendations to send to you, based on various factors such as your credit history and how you use your accounts and products at our institution, by making an assessment on your credit and solvency,
  • To help you manage your financial situation by categorising your expenditures and presenting such information to you in different ways,
  • To help us determine our overall credit risk as a bank,
  • To help us specify product prices.

Pursuant to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and Law on Protection of Personal Data, you have rights related to automated decision making. As per article 11(g) of the Law on Protection of Personal Data, you may object to a consequence against you that occurs due to analysis of your personal data exclusively by automated systems. You can contact us to exercise this right.

9. Cookies

We may use cookies and similar technologies on our websites and applications as well as in our e-mails. Cookies are text files collecting small amounts of information stored in web browsers when you visit a website. You may access our cookies policy through the following link: https://www.denizbank.com/hakkimizda/cerez-politikasi.aspx

10. Your Rights

Pursuant to article 11 of the Personal Data Protection Law, you have the following rights related to your personal data:

a) to learn whether your personal data are processed or not,

b) to request information if your personal data are processed,

c) to learn the purpose of your data processing and whether this data is used for intended purposes,

d) to know the third parties to whom your personal data is transferred at home or abroad,

e) To request correction if your personal data were processed incompletely or inaccurately and to request that third persons, to whom your personal data are transferred, get notified about the transactions carried out within this scope,

f) Despite being processed as per the provisions of the Law numbered 6698 and other relevant laws, in the event that reasons requiring the processing have disappeared, to request the erasure or destruction of your personal data and to request that third persons, to whom your personal data are transferred, get notified about the transactions carried out within this scope,

g) to object to the processing, exclusively by automatic means, of your personal data, which leads to an unfavourable consequence for you.,

h) to request compensation for the damage arising from the unlawful processing of your personal data.

Pursuant to the Law numbered 6698 on Protection of Personal Data, you can exercise your rights related to your personal data by filling out the form by choosing the sub-headings “Type of reporting: Question – Subject: Retail Banking Products/ SME Banking/ Agricultural Banking – Sub-topic– Report Personal Data Protection Law Complaints” available at the link https://www.denizbank.com/en/bilgi-limani/CustomerSatisfaction.aspx or through one of the channels below:

  • By applying in person to our Head Office located in Büyükdere Cad. No: 141 34394 Esentepe – ISTANBUL or any of our branches or via notary in writing,
  • By sending your application by e-mail to denizbank.haberlesme@hs04.kep.tr, using your registered e-mail address,
  • By sending an e-mail to oncemusteri@denizbank.com, using your personal e-mail address with secure electronic signature or mobile signature or the e-mail address you used to register our system,
  • By contacting our Bank’s Call Centre at 0850 222 0 800,
  • By using another method specified within the scope of the Communiqué on the Principles and Procedures for the Request to Data Controller

Your application must include the following:

a) Your name, surname, and signature if your application is in writing,

b) (For Republic of Turkey citizens) Your Republic of Turkey ID Number, (for foreigners) your nationality, passport number or ID number, if any,

c) Your residential or work address that is the basis for the notification,

ç) Your e-mail address, telephone number, fax number, if any, that is the basis for such reporting,

d) Subject matter of the request.

Your request shall be finalised as soon as possible and within thirty (30) days at the latest, free of charge. If transactions pertaining to your request entail a separate cost, a fee may be charged from you as per the tariff stated by the Board.