Protection of Personal Data

Protection of Personal Data

DISCLOSURE TEXT ABOUT PROCESSING OF PERSONAL DATA

This Disclosure Text About Processing of Personal Data (“Disclosure Text”) has been prepared, under the Law No. 6698 on the Protection of Personal Data (the Law), for the purpose of informing on the method of collecting personal data, the legal reason for collecting and the purposes of processing personal data, the person / institutions to whom the personal data are transferred and the purposes of transfer, the rights of the real persons whose personal data are processed included in the Law.

This Disclosure Text is valid for the following natural persons

  • All our current and potential customers (“Our Customers”),
  • Persons who are not our customers: Persons who are not our customers shall mean any real person who performs any transaction at our bank, whether connected to an account or not, any real person (surety, guarantor, pledge / assignment debtor, spouse in cases where consent is sought pursuant to legislation) who is or will be a party to any security transaction established or to be established in favor of our Bank, any real person who visits our Bank’s website, head office or branch, any real person who is a shareholder, ultimate beneficial owner, board member or representative / proxy of any company that is our customer, any real person who enters into other transactions with our bank or our customers

Data Controller: Burgan Bank Anonim Şirketi (Bank)

Your Rights

You have the following rights related to your personal data under Article 11 of the Law;

  • To find out whether your personal data has been processed;
  • If your personal data has been processed, to request information related thereto;
  • To find out the purpose of processing of your personal data and whether or not your personal data is used properly;
  • To know about third parties to whom your personal data is transferred home or abroad;
  • In case your personal data are processed incompletely or incorrectly, to request for correction of your personal data and for notification of such correction to third-parties to which your personal data are transferred;
  • In case of disappearance of the grounds that require processing of your personal data although processed in accordance with the Law No. 6698 and provisions of other relevant law, to request for deletion or destruction of your personal data and for notification of such deletion or destruction to third-parties to which your personal data are transferred;
  • To object to the emergence of any consequence against you through the analysis of your data processed exclusively by means of automatic systems;
  • If you suffer any loss and/or damage due to the unlawful processing of your personal data, to claim indemnification of losses and/or damages you have suffered;

To use your rights, you can deliver your request to our branch that is nearest to you by hand together with the documents confirming your identity or by e-mailing to burganbank@hs03.kep.tr using secure electronic signature. Your request will be concluded as soon as possible and free of charge within 30 days at the latest. If the processes for your application require any extra cost, fees set by the Board will be invoiced to you. In this context, you can communicate your demand to use your rights mentioned above to Bank in writing, via registered electronic mail, using the e-mail address declared to the Bank by you and registered in our Bank’s system after getting verified/confirmed by you or by using other methods to be determined by Personal Data Protection Board in the future, pursuant to Article 13(1) of the Law.

The above-mentioned provisions related to disclosure shall apply to real persons who have signed Banking Service Agreement in the capacity of the authorized representative of a legal person and whose data are processed. We kindly remind you that the legal person itself is responsible for providing clarification under the Law to other real persons having the capacity of legal person representative, partner, proxy, actual beneficiary whose personal data are processed by means of signature circulars, trade registry gazettes, powers of attorney, court orders, instructions, etc.

Method of Collection of Personal Data

Your personal data can be obtained directly or indirectly from the following service channels.

(i) Methods for Direct Data Collection;

  • Face-to-face service channels (directorate general and branches, direct sales teams and support service/external service organizations, companies that we carry out their operations as a mediator/agency, contracted dealers)
  • Distance service channels (via ATMs, websites, internet branches, mobile or digital applications, telephone banking, call centers, fax, SMS, Bank’s website and other websites etc and means of remote communication.)
  • With video recording in entrances and inside of directorate general, branches and ATMs through surveillance cameras.

(ii) Methods for Indirect Data Collection;

  • From risk centers or companies established by a minimum of five banks or financial institutions (Interbank Card Centre, Credit Bureau and FINDEKS etc.)
  • From other credit institutions
  • From third-parties providing support and counselling services;
  • From databases of various institutions and organizations operated by public institutions and organizations (such as KPS-Identity Sharing System, MERSIS-Central Registration System, TAKBIS-Land Registry and Cadastre Information System, UYAP-National Judiciary Informatics System) and web sites, trade registry records
  • From social media, newspapers, etc. public channels.

Legal Ground of Collecting and Purposes of Processing Personal Data

Your personal data are collected and processed by our Bank for the following purposes and legal reasons.

(i) Based on the legal grounds that are necessary for compliance with Bank’s legal obligation and expressly provided for by the laws;

  • To allow for customer due diligence, identification and verification,
  • To allow for risk monitoring and reporting to legal authorities,
  • To fulfil obligations required by all the legislations applicable as per the banking activity, particularly the Banking Law No. 5411,
  • To prevent counterfeiting/fraud,
  • To perform intra-bank operations, audit and risk management activities,
  • To ensure the accuracy and up-to-dateness of the data.

(ii) Based on the legal reason that processing personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of a contract;

  • For customer acceptance, evaluation of applications regarding banking products and services,
  • To fulfil the requirements of the product and service contracts entered into for the provision of banking services and the obligations assumed thereunder,
  • To perform credit evaluation, intelligence and information inquiries,
  • To perform the credit and collateral process, to make valuation for collateral,
  • To provide services related to insurance, investment and financial products to which Bank mediates as an agent and services related to insurance products for which Bank has pledge and creditor title and to perform transactions related thereto,
  • To fulfil the transaction in case you are a real person or a representative or proxy of any customer who performs any transaction before the bank, whether connected to an account or not,
  • For the planning and execution of procurement, support services/external service processes.

(iii) Based on the legal reason that processing of data is necessary for the legitimate interests of the Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject;

  • When a loan and / or investment product is requested by any commercial customer, for evaluation of the credit history, credibility and other information regarding credit conditions of the real person who is owner, partner and manager of the said commercial customer within the scope of the evaluation of the request,
  • In terms of real person representatives / proxies, contact persons and shareholders acting on behalf of our commercial customer, for performing contracts or taking initiatives before executing contracts to which our said commercial customers are a party and establishing contact with the said commercial customer,
  • To prevent counterfeiting/fraud,
  • To ensure security.

(iv) Based on the legal reason that data processing is necessary for the establishment, exercise or protection of any right;

  • For following and managing customer demands, objections and complaints,
  • For managing legal follow-up processes.

(v) In the presence of explicit consent;

  • In order to share with banks and financial institutions which we have correspondent relations regarding banking activities within the scope of carrying out the investigations to be carried out for the controls to prevent laundering of proceeds of crime and prevention of terrorist financing,
  • In order to share with Bank’s subsidiaries and shareholder reside in Turkey and/or abroad for the purposes of credit evaluation, performing risk management and internal audit, preparation of consolidated financial statements,
  • To make plans for customer specific products/ services/offer activities, and to perform publicity, marketing, promotion, advertisement and campaign activities related to such services and products,
  • To analyze data related to credit history, statistical data, to perform scoring, performance tracking, segmentation, modelling and profiling in order to allow Bank provide its services in the best way possible and to increase customer satisfaction,
  • To conduct market research, surveys and statistical studies to determine suitable products and services for customers,
  • To provide the privileges and facilities permitted by the legislation in terms of persons with disabilities.

To Whom and for What Purpose Personal Data Processed May Be Transferred

Your personal data are shared within the scope of the requirements specified in Article 8 and Article 9 of the Law exclusively with the parties and for the purposes set out below.

  • With public institutions and organizations and judicial authorities authorized to obtain information by law, for the purposes of reporting, conducting regulatory and audit activities, managing complaint and legal processes and so on legal reasons,
  • With risk centers or companies established by a minimum of five banks or financial institutions (Interbank Card Centre, Credit Bureau and FINDEKS etc.), for the purposes of conducting risk management and risk monitoring activities,
  • With support service/external service organizations and law offices, for the purposes of enabling them to provide support and consultancy services to Bank,
  • With domestic and international independent auditors and rating agencies and expert institutions for the purposes of carrying out audit and rating activities and in terms of loan restructuring process determination of financial situation and evaluation of effectivity of restructuring,
  • With organizations under which we operate as an agency, for the purposes of the establishment, management and termination of customer and service relationship,
  • With insurance companies for the purposes of performing insurance operations,
  • With banks and financial institutions which we have correspondent relations regarding banking activities, in order to carry out the investigations to be carried out for the controls to prevent laundering of proceeds of crime and prevention of terrorist financing,
  • With organizations issuing international cards and organizations entering into card acceptor agreements, for the purposes of the execution of debit card and credit card operations and the operation of chargeback processes,
  • With Bank’s subsidiaries and shareholder reside in Turkey and/or abroad, for the purposes of credit evaluation, performing risk management and internal audit practices, preparation of consolidated financial statements,
  • With other credit institutions, for the purposes of carrying out internal audit, internal control, risk management, risk monitoring and loan utilization (syndicated loan) and restructuring activities,
  • With asset management companies, for the purpose of sales of the Bank’s receivables,
  • With prospective buyers, for the purposes of performing valuation studies for the sale of Bank shares.