LETTER OF ELUCIDATION PURSUANT TO THE PRIVACY ACT
This disclosure is made pursuant to the 10th article of the “Personal Data Protection Law” No. 6698 (briefly PDPL) and due to statutory obligation.
In PDPL, all kinds of information about an identified or identifiable real person is defined as personal data and our Bank carries out personal data processing activities by taking necessary security measures in order to protect fundamental rights and freedoms, especially the right of privacy. Our aim is to inform you about your personal data collection methods, processing purposes, legal reasons, transfer to third parties where the legislation permits and your rights in line with your satisfaction.
a) The Identity of the Date Controller and his Representative (if any):
The data controller is Albaraka Türk Katılım Bankası A.Ş.
b) For which Purposes the personal data will be Processed:
Your personal data may be processed in accordance with the personal data processing conditions set forth in Articles 5 and 6 of the Law No. 6698 for the purposes of;
- Provision of services within the scope of the activities listed in Article 4 of Banking Law No. 5411, in particular banking services, foreign trade services, financing (loan) services, insurance, pension and other agency services, brokerage services, conducting and auditing their operational processes,
- Making the necessary evaluations for the service provided; determination of the owner, authority and addressee of the business and transactions; conducting investment processes, issuing all records and documents that will be the basis of transactions to be performed in electronic or paper environment; communicating important information that must be shared with you through your contact information; performance of intelligence, credit history, credibility, collateral transactions and the analysis other necessary data for credit transactions; monitoring of overdue loan receivables; sale of movables and immovables that are received on account; keeping the notifications such as complaints, objections, requests, suggestions and satisfaction in our notification management system in order to serve you better, conducting management activities,
- Compliance with risk monitoring and information obligations; fulfilling the control obligations stipulated by the legislation, in particular with regard to obligations for internal systems, and sharing them with relevant authorities when necessary; Maintaining Bank’s internal system and application management operations, conducting/planning, auditing and implementing information security processes; Recording camera images in Bank's service units and our ATMs due to security practices in the workplace; quality standards, security, prevention of fraud, resolution of disputes, recording and auditing correspondence, communications and transactions; Informing you of the nearest branches/ATMs to your location in case of your permission/request, ensuring transaction security in cardless transactions made with QR code,
- Execution of the relations that have been/will be established with the agreements signed/to be signed with the Bank; Arrangement and execution of legal and commercial relations between the Bank and the customer; Carrying out lawsuits and enforcement proceedings to which our Bank is a party,
- Planning, conducting and ensuring the security of business activities, operational processes and purchasing operations; carrying out support services after service sales, carrying out financial and accounting transactions, preparing consolidated financial statements,
- Increasing the product and service quality, promotion and marketing, product studies, identifying products and services that appeal to the customer, customer satisfaction studies, increasing efficiency and profitability, information research, modeling, obtaining appreciation and evaluation with questionnaires and other ways, their measurement, analysis, reporting and evaluation, conducting customer satisfaction/loyalty studies, publication, promotion and commercial electronic message submission, R&D activities, strategy formulation, carrying out the planning and statistical activities required by our Bank, execution of customer relationship management processes, organization and event management, conducting sponsorship activities,
- Fulfilling the information storage, reporting and informing obligations envisaged by authorized persons, institutions and organizations,
- Fulfilling all obligations arising from domestic and international legislation and contracts.
The Purpose of Processing of Personal Data of the Same Risk Group:
Even if you are not our customer, your personal data may be processed in order to identify, monitor, report and control of the risk group1 that you will be included in to determine the credit limits that will be provided to a risk group according to the banking legislation.
c) To whom and for what purpose the Personal Data can be transferred:
Within the framework of Article 8 of PDPL No. 6698 on the transfer of personal data and Article 9 on the transfer of personal data abroad, your personal data held by our Bank may be transferred to persons/institutions located at home and abroad for the following purposes;
- In order to fulfill our legal obligations to legally authorized persons, institutions and/or organizations such as Banking Regulation and Supervision Agency, Capital Markets Board, the Central Bank of the Republic of Turkey, Revenue Administration, Financial Crimes Investigation Board, Credit Bureau, Interbank Card Center, Small and Medium Industry Development and Support Administration, Social Security Institution, the Association of Financial Institutions,
- To third parties, support service organizations which the service is received from, cooperating organizations, consultants, program partners, within the limits/obligations set forth by the Banking Law and other laws and regulations and to the extent required by the business processes, in order to carry out our banking activities;
Partnerships in which you, your spouse and children are member of the board or general manager or which are controlled by them or by a legal entity severally or jointly, directly or indirectly or participated by the same persons with unlimited liability, and qualified shareholders, members of the board and general manager of a bank, and partnerships in which they have control jointly or severally, directly and indirectly or partnership with unlimited liability or they are member of the board or general manager, and real and legal persons, who have surety, warranty and similar relations to the extent that in case that one of them have got difficulty in repayment will result in one or a few of them to have difficulty in repayment, constitute a risk group. In addition, other real and legal persons to be included in the scope of the risk group are determined by the Banking Regulation and Supervision Agency.
- To courts, law offices, asset management companies in order to monitor and conduct legal affairs,
- Independent audit company in order to audit that activities are carried out in accordance with the legislation,
- To correspondent banks, domestic/foreign financial institutions in order to fulfill the obligations regarding the recognition of the persons who are parties to the transaction,
- To payment systems organizations, card institutions including Europay Int. SA, Western Union, Mastercard Int. INC, Visa INC, JCB Int. Co., Maestro, Electron; domestic/foreign member merchants in order to execute credit cards and money transfer processes;
- In order be used in the preparation of consolidated financial statements for the parent companies, including the domestic and foreign credit institutions and financial institutions, which have ten percent or more of the Bank's capital, in risk management and internal audit practices,
- To other third parties in the event of your express consent and within the scope of your consent.
d) Method and Legal Reason for Collecting Personal Data:
Your personal information is processed for the purposes stated in articles (b) and (c) above based on the legal reasons of;
- Explicit stipulation in law,
- The requirement of processing of personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
- The fact that it is mandatory for our Bank to fulfill its legal obligation.
- The fact that it is mandatory for the establishment, use or protection of a right,
- The fact that it is mandatory for the legitimate interests of the data controller Bank, provided that it does not harm the fundamental rights and freedoms of the person concerned,
- Information you provide through Bank's Headquarters, Units, Regional Directorates, Branches and other service units through the following channels is processed either fully or partially, automatically or non-automatically by written, oral, electronic or other means,
- Real and legal persons that the Bank cooperates with/receives service from and provides services to, such as its affiliates, support service organizations, companies whose activities we conduct in the capacity of intermediary/agency, correspondent banks, contracted dealers, customer interviews, applications made directly to sales teams, member merchants and their POS devices, market intelligence, screening forensic records, SSI records, PTT,
- National and international authorities/institutions,
- Identity Sharing System, Address Sharing System, Trade Registry Gazette, Land Registry and Cadastre Information System, Risk Center, Credit Bureau, all kinds of systems such as electronic pledge,
- ATM, BTM, kiosk, means of payment, websites, media, social media, internet banking, mobile banking, telephone banking, call center, mobile applications,
- Telephones, computers and cameras of the Headquarters, units, regional directorates, branches and other service units,
- Registered electronic mail, electronic notification, electronic mail, mail, fax, short message, swift and so on/others,
- Any notifications, applications, negotiations and similar/other channels
e) Customer’s Other Rights:
Without prejudice to all relevant exceptions, in particular the cases provided for in Article 28 of the PDPL, you may submit your requests under Article 11 of the Law on the Protection of Personal Data “regulating the rights of the person concerned”, to REM address of firstname.lastname@example.org of our bank in accordance with the “Communiqué on Procedures and Principles of the Application to Data Controller” or to the address Saray Mahallesi Dr. Adnan Büyükdeniz Cad. No:6 Ümraniye/İSTANBUL in writing and signed through notary public or to the e-mail address email@example.com by using your e-mail address registered in our Bank.
In exercising your aforementioned rights, our Bank reserves the right to charge fees/expense in the amounts allowed by the legislation.
For more information, you can access to Personal Data Protection and Processing Policy here.