LETTER OF ELUCIDATION PURSUANT TO THE PRIVACY ACT
This disclosure is made pursuant to the 10th article of the “Personal Data Protection Law” No. 6698 (briefly PDPL) and due to statutory obligation.
All kinds of information about a real person whose identity is identified or identifiable is defined as personal data in the Law and our Bank carries out personal data processing activities on your data such as acquiring in accordance with the law, recording, storing, retention, alteration, reorganizing, disclosure, transmission, taking over, making it as acquirable, classifying, or preventing it from being used with wholly or partially automatic methods or by non-automatic methods provided that it is a part of any data recording system by taking necessary security measures for the purpose of protecting fundamental rights and freedoms in particular the right of privacy.
Our aim is to inform you about the ways of acquiring and processing purposes and legal reasons of your personal data, transferring to 3rd parties where the legislation allows, and your rights, in line with your satisfaction.
a) The Identity of the Date Controller and his Representative (if any):
The data controller is Albaraka Türk Katılım Bankası A.Ş.
b) For which Purposes the personal data will be Processed:
- To provide and fulfill all kinds of services including activities that are listed in Article 4 of the Banking Law No 5411 such as Banking services, foreign trade services, financing services (credit), insurance, pensions and other agency services, brokerage services
- To carry out the evaluation necessary for the service being delivered; to use of your information to determine the owner, the authority and addressee of any business and transaction; to arrange all records and documents which are to be based on transactions to be carried out in electronic or paper environment; to forward important information to be shared with you via your contact information; to perform intelligence, credit history, credibility, collateral transactions for credit transactions and to analyze other necessary data; to follow-up of loan receivables with delinquency status; sale of movable and immovable properties taken over to the credit of the receivable; to record the notifications such as complaints, objections, requests, suggestions and satisfaction in our notification management system in order to serve you better,
- Compliance with risk monitoring and informing obligations; fulfillment of the control obligations stipulated by the legislation, in particular the obligations related to internal systems, and, when necessary, sharing with the relevant authorities; maintaining bank internal system and application management operations, planning, auditing and implementing information security processes; recording of camera images in our Bank’s service units and ATMs due to security practices in the workplace; quality standards, security, fraud prevention, resolution of disputes, recording and auditing of correspondence, communication and transactions; notifying you of our nearest branch/ATM to your location if you permit/request, ensuring transaction security in transaction made without card with QR code,
- To execute the contracts, which have been/will be made, and relations, which have been/will be established, with the Bank; the organization and execution of all kinds of legal, commercial and other relations between the bank and the customer; to follow the cases and executive proceedings to which our Bank is a party,
- To plan and conduct business operations, operational processes and procurement operations; to prepare consolidated financial statements,
- To improve, promote and for marketing of product and service quality, product studies and determination of products and services that appeal to customers, customer satisfaction studies, to increase productivity and profitability, information research, modeling, taking, evaluating, analyzing, reporting and assessment with surveys and other methods, customer loyalty activities, broadcasting, promotion and commercial electronic messaging, R & D activities, strategy determination, to conduct planning and statistical activities needed by our Bank,
- To fulfill the Bank’s obligations for information storage, reporting, informing, which are prescribed by Banking Regulation and Supervision Agency, Central Bank of the Republic of Turkey, Social Security Institution, Financial Crimes Investigation Board, Office of Foreign Assets Control (OFAC), Credit Bureau, Interbank Card Center, the Capital Markets Board, Revenue Administration, T.R. Ministry of Treasury and Finance and Ministry of Finance and other national and international authorities and
- Personal data of the real person Customer can be processed within the personal data processing requirements referred to in Articles 5 and 6 of the Law No. 6698 for the purpose of fulfilling the obligations of the Bank in accordance with the legislative and contractual relations including what our bank can offer and the agencies, intermediaries and other titles in accordance with domestic and international legislation including aims such as fulfilling all obligations domestic and international legislation and contracts, but not limited to these, especially including Banking legislation, insurance legislation, legislation on prevention of money laundering, capital market legislation, debit cards and credit cards legislation, payment and securities settlement systems, payment services and electronic money institutions legislation, tax legislation, Social Security Institution legislation and consumer law legislation.
The Purpose of Processing of Personal Data of the Same Risk Group:
Partnerships in which you, your spouse and children are member of the board or general manager or which are controlled by them or by a legal entity severally or jointly, directly or indirectly or participated by the same persons with unlimited liability, and qualified shareholders, members of the board and general manager of a bank, and partnerships in which they have control jointly or severally, directly and indirectly or partnership with unlimited liability or they are member of the board or general manager, and real and legal persons, who have surety, warranty and similar relations to the extent that in case that one of them have got difficulty in repayment will result in one or a few of them to have difficulty in repayment, constitute a risk group. In addition, other real and legal persons to be included in the scope of the risk group are determined by the Banking Regulation and Supervision Agency.
Even if you are not our customer, your personal data may be processed in order to identify, monitor, report and control of the risk group that you will be included in to determine the credit limits that will be provided to a risk group according to the banking legislation.
c) To whom and for what purpose the Personal Data can be transferred:
Within the framework of the aforementioned purposes and article 8 on transferring personal data and article 9 on transferring the personal data to abroad of KVKK no. 6698, your personal data in our Bank may be transferred to the following persons/institutions at home and abroad;
- To the institutions and/or entities within the limits/obligations lined by provisions of the law and legislation especially Banking Law ( particularly financial institutions and other third parties mentioned in article 73/4 of the Banking Law);
- Legally authorized persons and/or institutions such as Banking Regulation and Supervision Agency, the Capital Markets Board, Central Bank of the Republic of Turkey, Revenue Administration, Financial Crimes Investigation Board, Credit Bureau, Interbank Card Center, Presidency of Development and Support of Small and Medium-Sized Enterprises Administration, Social Security Institution, Association of Financial Institutions;
- To person, organization and/or institutions for which we conduct activities in the capacity of brokerage/agency ;
- To third parties from which service is procured to conduct our banking activities;
- Where necessary and allowed by the legislation, to consultants and organizations, independent audit companies, correspondent bank, domestic/international financial institutions and domestic/overseas member workplaces;
- To payment system institutions including Europay Int.SA, Western Union, Mastercard Int. INC, Visa INC, JCB Int. Co., Maestro, Electron, and other card institutions;
- To the Bank’s partners, subsidiaries, family company, controlling partner, direct and indirect affiliates and partnerships;
- To other third parties in case of and within your express consent;
- Including but not limited to the aforementioned, to all national and international authorized authority/organizations/institutions, all real and legal persons that are authorized nationally and internationally prescribed by the national and international regulations;
d) Method and Legal Reason for Collecting Personal Data:
Personal data collected with the following methods may be collected through wholly or partially automated or non-automated, written, oral, electronic or other means within the conditions and purposes of the personal data process specified in articles 5 and 6 of the Law no 6698 and with the purposes stated in (b) and (c) clauses above and by the following instruments:
- The information you provide through the Bank’s General Directorate, Units, Regional Directorates, Branches and other service units,
- Also, Bank’s subsidiaries, real and legal persons the Bank cooperates with and provides/procures service to/from and have got business relations, companies whose activities are executed by us in the capacity of brokerage/agency, correspondent/drawee banks, contracted dealers, customer interviews, applications made directly to sales team, contracted member merchants and POS’s, market intelligence, examination of judicial records, SSI records, PTT
- National and international authorities/organizations/institutions,
- Identity Sharing System, Address Sharing System, Trade Registry Gazette, Land Registry and Cadastre Information System, Risk Center, Credit Bureau, all systems such as electronic pledge,
- ATM, BTM, kiosk, payment tools, internet sites, media, social media, internet banking, mobile banking, telephone banking, call center, mobile applications,
- Telephones, computers and cameras belonging to Headquarters, units, regional directorates, branches and other service units,
- Registered electronic mail, electronic notification, electronic mail, mail, fax, text message, swift and similar ones/others,
- All kinds of notifications, applications, interviews and similar/other channels made to the Bank
e) Customer’s Other Rights:
Particularly the situations provided in article 28 of KVKK, save for all relevant exceptions, by applying to the Bank, as to be in/used within the conditions stated in KVKK, the real person Customer is entitled (a) to learn whether or not his personal data is processed, (b) if so, to request information in relation to this, (c) to learn the purpose of the process and whether or not the personal data is used in line with this purpose, (ç) to learn the third parties both at home and abroad whom the personal data is transferred, (d) in case the personal data is not accurately and completely processed, to request them to be corrected, (e) to request the personal data be deleted and destroyed within the conditions provided in article 7 of KVKK, (f) to demand the third parties whom personal data was transferred to be notified of the transactions made pursuant to (d) and (e) clauses, (g) to object to the emergence of a result against himself/herself upon analyzing the processed data via exclusively automated systems, and (ğ) to demand indemnification if he/she suffers from the damage arising out of unlawful process of the personal data.
You can submit your requests in written and signed to our Bank via firstname.lastname@example.org KEP address, our Branches or other methods to be determined by Personal Data Protection Board.
In exercising your aforementioned rights, our Bank reserves the right to charge fees/expense in the amounts allowed by the legislation.