Protection of Personel Data
Protection of Personel Data
INFORMATION NOTICE ON THE PROCESSING OF CUSTOMERS’ PERSONAL DATA
As Türk Ekonomi Bankası A.Ş. (the “Bank”), acting with the awareness of responsibility as a bank, we exercise reasonable care and diligence as required to ensure the privacy, confidentiality and security of the personal data processed within the scope of performance of our activities.
This Türk Ekonomi Bankası A.Ş. Information Notice on the Processing of Customers’ Personal Data (the “Information Notice”) has been prepared to inform you within the framework of Article 10 of the Law no. 6698 on Protection of Personal Data (the “Law”) and the Communiqué on Procedures and Principles to be followed for the Fulfilment of the Obligation to Inform.
We act as the data controller while processing your data as our customers with respect to the data processing activities we conduct within the scope of our banking activities. With this Information Notice, we inform you about your personal data processed, our purposes of processing and sharing/transferring your data and our legal reasons constituting the basis for such activities and the retention period of your data.
Which of Your Personal Data Do We Process?
Your data that are listed below are used in the data processing activities conducted by our Bank:
Some of your personal data is subject to a higher level of protection; these data are classified as “special categories of personal data” and are listed in the Law. We strive not to process your personal data of special categories in the activities conducted by our Bank. However, in some cases, we may process your sensitive data for example, your religion and blood type information obtained within the scope of mandatory ID card photocopying; If you choose to use a voice signature or fingerprint for authentication in mobile application or call center channels, give your biometric data; information about your conviction within the scope of our legal obligations; If you request to pay association or union membership fees/subscriptions, your special data showing that you are a member of these institutions; information about your disability, which is necessary for the performance of our service obligations towards our disabled customers; such as information about your health that you transmit in order to carry out your insurance transactions as an insurance agent.
During the processes where it is obligatory to have a photocopy of your ID card, the Bank does not process and add blood type and religion information stated in the ID card in the system. It is included in the system only because of the copy of the identity document. We diligently carry out the necessary technical work to delete this information in our systems.
Why Do We Process or Transfer Your Personal Data?
Your personal data is processed and transferred by the Bank for the purposes of carrying out required operations in order to sustain commercial activities of the Bank, leveraging reputation and business relations of the Bank as well as determination of its strategies, management of marketing activities of the Bank, ensuring legal and physical security of the Bank to allow the Bank’s customers to benefit from the banking services.
Following purposes may be considered as samples to the mentioned main purposes: maintaining credit extension processes, carrying out sales process for banking services, carrying out insurance, private pension and investment services, carrying out activities oriented to customer satisfaction, carrying out necessary marketing activities providing that the customers benefit from the products and services of Bank, management of complaints, management of events, forming business processes of the Bank, management of information security, setting up and management of information technologies infrastructure, management of financial security processes (Such as Know Your Customer, Anti-Money Laundering, Anti-Fraud and combating with other unlawful transactions), carrying out audit activities, litigation and execution processes. You may find detailed information relating to these purposes by clicking here.
For Which Legal Reasons Do We Process Your Personal Data?
Under articles 5 and 6 of the Law, your personal data are processed by the Bank under the following circumstances:
In addition, your personal data of special categories are processed only if you have given your explicit consent or if it is explicitly stipulated in the laws that the Bank is subject to.
For Which Legal Reasons Do We Transfer Your Personal Data to Third Parties?
We share your personal data with the legally authorized public agencies or private institutions such as the BRSA(Banking Regulation and Supervision Agency), CMB (Capital Markets Board of Turkey), Turkish Financial Crimes Investigation Board (MASAK), the Central Bank of Republic of Turkey, etc.; the Bank’s direct or indirect subsidiaries and shareholders at home and abroad, support service providers, business partners, consultants, suppliers, Mastercard, Visa and the legally authorized public legal entities, private persons or judicial authorities under the following circumstances:
In addition, your special categories of personal data may be transferred only if your explicit consent is obtained or such processing is explicitly envisaged in laws that our Bank subject to.
The transfer of your personal data to abroad is subject to your explicit consent. However, in cases where at least one of the legal reasons for data processing as listed above exists, the party that the data will be transferred to and our Bank take the measures specified in the legislation, and the transfer is approved by the Personal Data Protection Authority, we transfer your data to abroad, providing to be limited with the relevant legal reason.
How and in Which Mediums Do We Collect your Personal Data?
Principally we collect your personal data from 3 different sources in physical or electronic environments: (i) data obtained as per your declaration, (ii) data obtained as a result of your usage of our Bank’s services and products or (iii) data obtained from authorized organizations and institutions.
Within this scope your personal data is collected from our Bank’s Head Office, branches, ATM, internet banking and mobile banking channels, the Bank’s web sites, call center or the Bank’s other contact channels through phone, channels where active sales activities are carried out, face-to-face customer meetings, self-service units with assistant support, CCTV, SMS, e-mails, cookies and similar tracking technologies, subsidiaries and sales offices, unions and associations such as chambers of commerce and artisans, fax, mail, cargo or courier services and from databases (Identity Sharing System, Risk Center of Banks Association of Turkey, Central Civil Registration System etc.) of the institutions and organizations providing support services or having business partnerships to the extent permitted by laws and arrangement, within those limitations and via obtaining your approval if it is required by law.
For How Long Do We Process or Retain Your Personal Data?
We process your personal data during the effective term of the agreement signed by and in effect between you and our Bank.
Following the expiry of this period, we continue to process or store the relevant data if there is any legal provision allowing us to process the relevant data for a longer period, including, the Banking Law in particular, or if there exists any of the legal reasons for such data processing. At the end of these periods, we will immediately delete, destroy or anonymize your personal data.
What Kind of Measures Do We Take to Protect Your Personal Data?
The Bank takes various measures to ensure the security of your personal data. We can classify these measures as organizational measures and technical measures. Organizational measures refer to the measures related to the organization such as employee trainings, access rights restrictions, etc. Technical measures refer to the measures taken relating to our Bank’s systems.
What are Your Rights About Your Personal Data?
Under article 11 of the Law, you have the following rights regarding your personal data:
As the Bank, we take all the necessary organizational and technical measures in line with the requirements of the legislation to ensure that you can easily exercise your rights granted by the Law to you, i.e. the data subjects.
You can exercise your rights mentioned above by completing the application form that you can obtain from the Bank’s website (published on the link) or our Bank’s branches and forwarding it to our Bank through the following methods:
Form must be filled completely and:
In addition, you can send your petition in written stating your requests clearly to our branches or via your e-mail address that you have previously notified to our bank and registered in our systems, or by another method included in the Communiqué on Application Procedures and Principles to the Data Controller published by the Data Protection Authority (KVKK).
Our bank shall conclude your requests regarding your rights listed above as soon as possible and within thirty days at the latest after the transmission date. You may be charged a fee based on the tariffs published by the Personal Data Protection Authority.
Additional information and documentation may be requested by our bank in order to verify your identity as well as to clarify your demand for the purpose of responding to submitted applications. In case of failure to provide such information and documentation, your application may not be responded in order to secure your data.
For further information on the processing of personal data by the Bank, please refer to TEB A.Ş. Personal Data Processing and Protection Policy provided on this link.
Updated on 28 April 2020