CLARIFICATION TEXT ON THE PROTECTION AND PROCESSING
OF PERSONAL DATA OF TURKIYE VAKIFLAR BANKASI TURK ANONIM ORTAKLIGI
1. Purpose
Türkiye Vakıflar Bankası Türk Anonim Ortaklığı ("VakıfBank" or "the Bank") aims to
process your personal data in
compliance with the provisions of Law No. 6698 on the Personal Data Protection Law
("PDPL") and other relevant
regulations.
We hereby inform you that your personal data that you have notified/will notify
and/or obtained by our Bank externally
through any means due to your utilization of the services offered by our Bank shall
be;
- within the framework of the purpose that requires the processing of your
personal data and in connection with this
purpose, in a limited and measured manner,
- by maintaining the accuracy and the most up-to-date version of the personal data
you have notified or as notified to our
Bank,
- recorded, stored, retained, reorganized, shared with the institutions
authorized by law to request such personal data, transferred to domestic or
foreign third parties under the conditions stipulated by the PPD Law,
transferred, classified, and processed in other ways listed in the PPD Law and
may be subject to other transactions listed in the PPD Law by our Bank in the
capacity of "Data Supervisor".
2. Collection and Collection Procedure of Personal Data
Our bank will process your personal data for the purposes stated in this Information
Notice. Any change in the purpose
of processing your personal data will also require your consent. The personal data
collected and used by our Bank are
specifically as follows:
|
Content of Personal Data |
Identity Data |
Documents such as driver's license, copy of identity card and
passport containing information such as name-surname,
Turkish ID number, tax ID number, nationality, mother's
name-father's name, place of birth, date of birth, gender, and
signature/ initials. |
Communication Data |
Data for communication such as telephone number, street address,
e-mail address, residence address, workplace address,
account statement sending address, etc. |
Financial Data |
Financial Data: Financial and salary details, monthly income
information, debt information, account balance details,
payrolls, housing status, interest rates, total asset value, family
income information, EFT/Wire transfer details,
foreign exchange transaction information, investment amount, tax
office details, term/demand deposit account details,
interest information, loan/credit card limit and balance
information, and other financial data. |
Sensitive Personal Data |
Biometric Data: (fingerprint, retina, face, voice, etc.)
Health report, blood type,
Devices and prostheses used on the driver's license (photocopy of
driver's license)
Disability, invalidity and handicap status
Blood group and religion on the identity card
|
Legal Action Data |
Personal data processed within the scope of determination and
follow-up of legal receivables and rights and fulfillment
of debts and compliance with legal obligations and our Bank's
policies, and file and debt information related to
enforcement proceedings (information contained in documents such as
court and administrative authority decisions). |
Transaction Security Data |
Personal data processed to ensure our technical, administrative,
legal, and commercial security, as well as your
security, while conducting commercial activities (information
associated with transactions related to the individual and
demonstrating the individual's authorization to carry out that
transaction, such as a password, voice signature, IMEI
number, authentication method, authentication code, browser type,
username, fraud method, and any other data that may be
collected based on fraud scenarios). |
Location Data |
Address information, transaction location information. |
Professional Experience Data |
Institution, duration of employment, type of insurance, sector of
employment, title, level of education, total working
time of the person concerned. |
Personal Data |
All kinds of personal data processed for obtaining information that
will be the basis for the formation of the personal
rights of real persons who are in a service relationship with our
Bank (Identity information entered in the personal
file, job application form, passport size photograph, education
information, graduation information, diploma sample,
profession, place of previous employment, resume information,
private pension information). |
Physical Space Safety Data |
Personal data related to records and documents taken at the entrance
to the physical space, during the stay in the
physical space; camera recordings and records taken at the security
point. |
Customer Transaction Data |
Account information, bank information, receiving bank information,
affiliated regional directorate, cheque information,
annual fee information, statement details, account transactions,
EFT/transfer information, transaction details, card
details and transactions, collection information, payment
information, cash instructions, internet transaction
information, branch information, interest usage details, loan usage
details, policy information, swift transaction
details, virtual pos information, collateral information. |
Audio and Video Recording Data |
Photographs and video recordings (excluding recordings covered by
Physical Space Security Information), audio recordings
(e.g. audio recordings of telephone conversations). |
Other Data |
Parents' names, information on military service, institution of
employment, years of employment, education information,
foreign language information, tax number and other tax details,
intelligence and financial details, mortgage
information, prohibited transactions, appraisal details, real estate
office information, residence information, customer
limit, sector, employee and representative information.
|
Your personal data is collected both before and after the establishment of the
service relationship and throughout the
continuation of the service relationship, through all kinds of information,
documents and papers you have submitted to
our Bank and obtained from third parties, the Bank's information processing system,
camera records kept in all locations
of the Bank.
Special Conditions for Processing Biometric Data for Remote Identity
Verification Methods:
In accordance with Article 6 of the Banking Regulation on the Use of Remote Identity
Verification Methods by Banks and
Article 6 of the Personal Data Protection Law ("PDPL"), our bank may process your
personal data, including biometric
data, with your consent for the purpose of remote identity verification, which
includes video calls, facial recognition,
voice signatures, and other identity verification methods in telephone banking and
various digital channels. This
information, encompassing personal data, biometric data, and special categories of
personal data, may be utilized by the
bank for identity verification, marketing activities related to products and
services, offering specialized products and
services, and the formulation and management of bank strategies. It may also be
shared with the bank's partners,
subsidiaries, joint ventures, all affiliated entities, suppliers, business partners,
and third parties, whether located
domestically or internationally.
Special Circumstance Regarding the Identification and Assessment of Risk
Groups:
The individuals and legal entities mentioned below create a 'risk group,' including
but not limited to you, your spouse, your children, members of the board of
directors or general managers of a legal entity controlled directly or indirectly,
individually or jointly, with unlimited liability, as well as partnerships in which
they hold significant stakes, members of the board of directors or general managers
of partnerships controlled directly or indirectly, individually or jointly, with
unlimited liability, and partnerships in which the financial difficulties of one
party may lead to financial difficulties for others due to significant guarantees or
similar relationships. It is determined by the Banking Regulation and Supervision
Agency and even if you are not our customer, your personal data may be processed by
our Bank for the purpose of determining, monitoring, reporting and controlling the
risk group to which you will be included in order to determine the credit limits to
be extended to a risk group according to the banking legislation.
3. Purposes and Legal Reasons For Processing Personal Data
Your Personal Data may be processed by our Bank for, but not limited to, the
following purposes.
Your Personal Data (Religious information, health data, and visual data, which are
considered sensitive personal data
but are included in identity documents, may come indirectly from the photocopy of
identity card and/or driver's license
photocopy) is processed in accordance with the Law on Protection of Personal Data,
Banking Law, Turkish Code of
Obligations, Law on Prevention of Laundering Proceeds of Crime, Law on Debit Cards
and Credit Cards, Capital Markets
Law, Turkish Commercial Code, Law on Attorneys, Turkish Civil Code, Law on Payment
and Securities Settlement Systems,
Payment Services and Electronic Money Institutions, Enforcement, and Bankruptcy Law
and Central Bank of the Republic of
Turkey Law and for the purpose of fulfilling legal obligations and service contract
requirements, including but not
limited to the aforementioned legislation;
- Printing of regular mail,
- Execution of ATM operations,
- Checking fraud activities in banking transactions carried out,
- Execution of bank insurance transactions,
- Reporting to the Banking Regulation and Supervision Board,
- Reporting the incoming calls to the Customer Contact Center supported by our
Bank, recording and evaluating them in our
Bank's data system,
- Checking the accuracy of transactions with other banks,
- Receiving E-Invoice / E-Archive / E-Ledger usage commitments, preparation of
E-Archive Special Integrator, E-Ledger
Storage, E-Ledger Software, E-Invoice Special Integrator, E-Invoice Storage
service customer protocols,
- Execution of EFT and remittance transactions, preventing possible fraud
incidents in EFT and remittance transactions,
- Execution of bank statement printing processes,
- Execution of cheque transactions,
- Realization of chargeback transactions with business partners,
- Legal follow-up, legal reporting, auditing, preparation of notices regarding
overdue debts, reminders regarding unpaid
debts, legal proceedings regarding lawsuits,
- Execution of debt structuring processes,
- Assignment of authorized employees for member workplaces, installation of POS
devices, entry of applications, printing
of statements, notification of registrations and turnovers, and execution of
identification procedures,
- Execution of letter of guarantee processes,
- Registration of real persons with commercial activities in the system,
- Notification to the Central Bank of the Republic of Turkey and the Risk Center
of the Banks Association of Turkey,
- Identification, filing and realization of letter of credit transactions,
- Conducting sales and information transactions of products or services offered
together with business partners,
- Execution of deposits and withdrawals,
- Providing information on customer-specific offers and opportunities and sharing
them with business partners and
affiliates of our Bank in order to offer banking, insurance services and
financial products,
- Suspicious transaction notifications,
- Execution of printing, money loading and other processes of prepaid cards,
- Carrying out sales and information transactions of products or services offered
together with business partners,
- Management of customer gold accounts, defining check integration, performing
check request transactions, creating
account information, performing intelligence/scoring studies, identifying
discounts and exemptions, making bank
profitability calculations based on customer transaction rate, conducting
efficiency analysis and marketing studies,
- Execution of mortgage and loan application processes,
- Preparing the credit card application form, conducting the credit card
application process, performing credit card debt
payment transactions, preparing the credit card preliminary information form,
preparing the credit card contract, making
the credit card offer, performing credit card limit increase and decrease
transactions and conducting credit card
additional card application processes,
- Carrying out mandatory notifications to the Financial Crimes Investigation
Board, Revenue Administration and Ministry of
Finance,
- Execution of intelligence processes and customer evaluations for customers who
will use loans,
- Performing banking transactions via internet and mobile branches,
- Performing the institution's collection processes and defining them in the
system,
- Realization of banking transactions within the scope of the process carried out
together with business partners,
- Execution of blacklist and banned customer transactions,
- Execution and follow up of courier processes,
- Carrying out the salary payment processes of the collaborating companies,
- Performing remote identity verification and authentication processes through
digital channels, including voice signature
identification and verification processes in Telephone Banking.
Your personal data will be retained for a reasonable period of time as determined
in the relevant legislation or until
the purpose of processing is eliminated, and in any case until the statutory
statute of limitations.
4. Transfer of Personal Data to Third Parties
4.1 Transfer of Your Personal Data to Domestic Third Parties;
In order to fulfill legal obligations and service contract requirements, not limited
to the laws including the Banking
Law, Credit Card Law, Capital Markets Law, Social Security and General Health
Insurance Law, Turkish Code of
Obligations, Law on Prevention of Laundering of Crime Revenues, Turkish Commercial
Code, Enforcement and Bankruptcy Law,
Payment and Securities Settlement Systems, Payment Services and Electronic Money
Institutions Law, Occupational Health
and Safety Law, and the Personal Data Protection Law, among others; your personal
data may be transferred to: Istanbul
Stock Exchange, the Customer Contact Center providing support, the Small and Medium
Industry Development and Support
Administration Presidency, the Banking Regulation and Supervision Agency, the
Central Bank of the Republic of Turkey,
the Revenue Administration, the Ministry of Treasury and Finance, relevant land
registry offices, tax offices,
enforcement offices, the Banking Association of Turkey, domestic and international
business partners, the Social
Security Institution, the Capital Markets Board, the Interbank Card Center,
authorized judicial authorities, the General
Directorate of Agricultural Enterprises, the Court of Accounts of the Republic of
Turkey, the Ministry of Environment
and Urbanization, and the Ministry of Treasury and Finance, İstanbul Altın
Rafinerisi A.Ş., Central Registry Agency,
Savings Deposit Insurance Fund, Türkiye Hayat Emeklilik A.Ş., Vakıf Pazarlama Sanayi
ve Ticaret A.Ş., Vakıf Finansal
Kiralama A.Ş., Vakıf Faktoring A.Ş., Türkiye İhracat Kredi Bankası A.Ş., İstanbul
Takas ve Saklama Bankası A.Ş., Türkiye
Sigorta A.Ş., service procurement suppliers, Türkiye Vakıflar Bankası Türk Anonim
Ortaklığı Pension and Health Benefits
Fund Foundation, Vakıf Yatırım Menkul Değerler A.Ş., Vakıf Gayrimenkul Değerleme
A.Ş., Private Social Security Services
Foundation, VakıfBank International A.Ş., Vakıf Portföy Yönetimi A.Ş., Vakıf
Gayrimenkul Yatırım Ortaklığı A.Ş., Vakıf
Menkul Kıymet Yatırım Ortaklığı A.Ş., Vakıf Enerji ve Madencilik A.Ş., Taksim
Otelcilik A.Ş., and their respective
suppliers and business partners.
In order to fulfill legal obligations, in particular;
- It can be transferred to the relevant public institutions for the purposes of
reporting of banking transaction records,
- Execution of EFT, remittance and Swift transactions,
- Prevention of fraud incidents in EFT and remittance transactions,
- Notification of incoming and outgoing EFT, remittance and Swift transfers,
- Completing mandatory notifications to the relevant public institutions,
- Carrying out mandatory reporting processes.
For the purpose of establishing and running a joint venture, in
particular;
- It can be transferred to the relevant business partners for the execution of the
Bank's product and service sales,
promotion and marketing activities,
- Informing the business partner banks,
- Carrying out joint commercial activities with the banks with which business
partnership is made,
- Recording the collection information in the system.
In order for our Bank to obtain the goods or services required to carry out
its commercial activities from suppliers, in
particular;
- It can be transferred to the relevant suppliers for obtaining consultancy
services on issues requiring expertise,
- Receiving support in product sales processes,
- Execution of campaign processes by the supported companies,
- Obtaining goods and services in order to carry out the Bank's internal and
external processes.
In order to carry out commercial activities in which the Bank's subsidiaries
and affiliates are required to be involved,
in particular;
- It can be transferred to our Bank's subsidiaries and affiliates for obtaining
the necessary information from the bank
subsidiary,
- Enabling the customer to trade on specific platforms,
- Enabling the customer to benefit from the services offered by the Bank's
subsidiaries and affiliates,
- Sharing customer assessments.
4.2 Transfer of Your Personal Data to Third Parties Abroad:
Your personal data may be transferred to third parties, business partners, and
authorized institutions abroad for the
purpose of conducting banking activities.
5. Rights of the Data Subject
Pursuant to Article 11 of the PDP Law, you may apply to our Bank and make requests
regarding the following issues
regarding your personal data:
a. To learn whether personal data is being processed,
b. If personal data has been processed, to request information
about it,
c. To learn the purpose of processing personal data and whether it
is being used for that purpose,
d. To learn the third parties to whom personal data is transferred,
whether domestically or abroad,
e. To request the correction of personal data if it is incomplete
or incorrect and, in this context, to request the
notification of this correction to the third parties to whom personal data has been
transferred,
f. To request the deletion, destruction, or anonymization of
personal data if the reasons requiring processing have ceased
and, in this context, to request the notification of this process to the third
parties to whom personal data has been
transferred,
g. To object to an adverse result arising from the analysis of
processed data exclusively through automated systems,
h. To Request compensation for the damages you incur as a result of
the unlawful processing of your personal data.
Our Bank will fulfill your requests arising from the PPD Law through the "Personal
Data Subject Application Form".
Personal Data Subject Application Form can be submitted in person to our branches
with identity verification documents,
or sent by notary to the address: ‘Finanskent Mahallesi Finans Caddesi No:40/1
Ümraniye/İstanbul’' or securely with an
electronic signature to vakifbank@hs01.kep.tr. Our Bank will finalize your
application requests free of charge within 30
(thirty) days at the latest, depending on the nature of the request, in compliance
with Article 13 of the PPD Law. In
case the request is rejected, the reason(s) for the rejection shall be notified to
you in writing or electronically.
This Clarification Text may be revised by our Bank when deemed necessary. In case of
revision, you will be informed
about this issue. You can access the most up-to-date version of the Privacy Notice
at https://www.vakifbank.com.tr/ .