As Turkiye Finans Katılım Bankası A.Ş., protection of the rights of privacy of our customers and other related persons, ensuring information security and information protection are among our main principles.
INFORMATION ON THE PROTECTION OF PERSONAL DATA AND EXPLICIT CONSENT FORM
I. Information On The Protection Of Personal Data
This information is prepared in order to inform you about the processing of your personal data by Turkiye Finans Katilim Bankasi A.S (the Bank) acting as the data controller as per Article 10 of the Law no 6698 on the Protection of Personal Data (the Law).
In the Law, all the information relating to an identified or identifiable natural person is defined as "personal data" and the Bank carries out personal data processing activities by taking the necessary security measures to protect fundamental rights and freedoms of people, particularly the right to privacy. Our aim is to inform you about the ways in which your personal data are collected, the purposes of processing them, legal reasons, transferring of them to third persons where the legislation permits, the processing period, the security measures taken and your rights.
a) Purposes of Processing Personal Data:
Your personal data may be processed for;
Activities related to the provision of services within the scope of the activities listed in Article 4 of the Banking Law No. 5411, particularly banking services, foreign trade services, financing (loan) extension services, insurance, pension and other agency services, brokerage services, and execution, supervision, sustainability and continuity of their operational processes,
Making the necessary evaluations for the service provided; identification of the owner, authorized person and addressees of works and transactions; conducting investment processes, issuance of all records and documents that will be based on transactions to be carried out electronically or in paper; transmission of legal information that must be shared with you through your contact information; intelligence for loan transactions (Credit Bureau of Turkey information), loan history, credibility, collateral transactions and analysis of other necessary data; follow-up of loan receivables with delayed payments; sale of movable property and real estate transferred to the credit of the receivable; keeping notifications such as complaints, objections, requests, suggestions, satisfaction in our notification management system to provide you better service, to ensure the currentness and correctness of the available data, to carry out the planning and statistical activities needed by the Bank, organization and event management, conducting sponsorship and social responsibility activities,
Complying with risk monitoring and information obligations; fulfilling the control obligations stipulated by the legislation, especially the obligations regarding the internal systems, and to share them with the relevant authorities when necessary; analysis, development and application management operations of bank systems, execution/planning of information security processes, establishment, management, supervision and implementation of information systems infrastructures; Recording of camera images in the Bank's service departments and ATMs due to workplace safety practices; quality standards, security, fraud prevention, dispute resolution, recording and monitoring of communications, correspondence and transactions; in case of your consent/request in the mobile application, informing you about our branches/ATMs closest to your location, ensuring transaction security in cardless transactions carried out with QR code,
Carrying out the relations established/to be established with the contracts signed/to be signed with the Bank; regulation and execution of legal and commercial relations established between the Bank and the customer; carrying out lawsuits and enforcement proceedings to which the Bank is a party,
The organization of the bank's business processes and business activities, planning, execution and ensuring security of the operational processes and purchasing operations of the Bank; management of relationships with support service providers, business partners or suppliers, conducting post-sale support services, conducting financial and accounting transactions, preparing consolidated financial statements, carrying out processes related to payment services,
Fulfillment of data storage, reporting and providing information obligations stipulated by authorized persons, institutions and organizations,
Fulfillment of all obligations arising from domestic and international legislation and contracts,
Provided that you give explicit consent, your personal data may be processed to be used in promotion, product/service offer, marketing and campaign activities and to develop services and products suitable for you, for conducting customer satisfaction works, receiving recognitions and evaluations with surveys and other forms, measuring, analyzing, reporting and evaluating of the same, conducting customer satisfaction/loyalty studies, and for the purpose of carrying out customer relationship management processes within the personal data processing terms specified in Articles 5 and 6 of Law No. 6698.
b) Purpose of Processing the Personal Data of Those within the Same Risk Group:
Even if you are not a customer of the Bank, if you are in the same risk group as the customers of the Bank, your personal data may be processed within the framework of financing evaluations and in accordance with the Banking legislation in order to identify, define, monitor, report the said risk group, and control the financing provided to that risk group.
The term "Risk Group", in short, refers to persons that you, your spouse, your children, your parents and/or legal entities that these persons are members of the board of directors or general manager of, or control, or partners of, who have a personal guarantee, guarantee or similar relationship to such extent that the insolvency of any of them will give rise to the insolvency of one or more of the others. However, the principles regarding the determination of the Risk Group may be updated from time to time within the framework of the Banking Legislation.
c) To whom and for which purposes the processed data may be transferred:Within the framework of Article 8 of the Law No. 6698 on the transfer of personal data and Article 9 on the transfer of personal data abroad, your personal data at the Bank may be transferred to individuals/institutions in Turkey and abroad for the following purposes;
- To fulfill our legal obligations to legally authorized persons, institutions and/or organizations such as Banking Regulation and Supervision Agency, Capital Markets Board, the Central Bank of the Republic of Turkey, Revenue Administration, Financial Crimes Investigation Board, Credit Bureau of Turkey, Interbank Card Center, Social Security Institution, Financial Institutions Union,
- In order to carry out banking activities, within the limits/obligations stipulated especially the Banking Law, and also by other laws and legislations, and to the extent required by the business processes, to third parties, support service organizations, cooperated organizations,
- In order to fulfill the obligations arising from brokerage/agency law, to the persons, institutions and/or organizations that we operate in the capacity of brokerage/agency;
- To courts, law offices, asset management companies for the purpose of monitoring and execution of legal affairs,
- To the independent audit company for the purpose of auditing that the activities are conducted in accordance with the legislation,
- To correspondent banks and domestic/foreign financial institutions, in order to fulfill the obligations regarding the recognition of the persons that are parties to the transaction as per the nature of the transaction,
- To payment systems institutions and card institutions, including Electron, Europay Int.SA, Western Union, Mastercard Int. INC, Visa INC, JCB Int. Co., Maestro, and to domestic/foreign member merchants, for the execution of credit cards and money transfer processes as per the nature of the transaction.
d) Method and Legal Reason of Collecting Personal DataAccording to the nature of the relationship established between you and the Bank, your personal data is processed when it is clearly stipulated in laws, when it is required to process personal data pertaining to the parties of a contract to the extent personal data are directly related to the conclusion or execution of the contract, when it is mandatory for the Bank to fulfill its legal obligation, when it is mandatory for the establishment, exercise or protection of any right and when it is mandatory for the legitimate interests of the Bank, provided that fundamental rights and freedoms of the person concerned are not prejudiced.
Within the frame of the legal reasons listed above and upon your declarations, your personal data may be collected by the information you provide through the Bank's Head Office, Regional Offices, Branches and other service departments, real and legal persons such as support service organizations that it cooperates with/receive services/has business relationships, companies of which we carry out the transactions as intermediaries/agencies, correspondent/addressee banks, contracted dealers, customer communications, merchants and POSs, SSI records, national and international authorities/departments/institutions, system integrations between the Bank and public institutions and organizations within the boundaries of legal legislation (Identity Sharing System, Address Sharing System, Trade Registry Gazette, Land Registry and Cadastre Information System, Risk Center, Credit Bureau of Turkey, electronic pledge etc.), ATMs, internet sites, media, social media, internet banking, mobile banking, telephone banking, call center, mobile applications, security cameras belonging to Head Office, regional offices, branches and other service departments, through international money transfer such as registered electronic mail, electronic notification, electronic mail, e-mail, fax, text message and SWIFT, any notifications, applications, correspondence submitted to the Bank and by similar/other channels, wholly or partially, by automatic or non-automatic written, verbal, electronic or other means.
e) Period for processing of Your Personal Data:Your personal data will be processed for a minimum of 10 (ten) years for the periods required by the personal data processing purposes specified in this text. After the expiration of the said period, if there is a legislative provision or legal reason for the processing of the related data for a longer period, your personal data will continue to be processed during these periods as well. At the end of these mentioned periods, your personal data will be erased, destroyed or anonymized immediately.
f) Security Measures taken Regarding Your Personal Data: All necessary technical and administrative measures are taken by the Bank for the purpose of preventing the unlawful processing of, or access to your personal data and to maintain the appropriate level of security for the storage of your personal data.
g) Rights Regarding Personal Data: Within the scope of Article 11 of the Law, you have the right to learn whether your personal data are processed or not; to learn the purpose of data processing and whether your data is used for intended purposes; to know the third parties to whom your personal data is transferred at home or abroad; to request information if the personal data are processed; to request the rectification of the incomplete or inaccurate data, if any, to request the erasure or destruction of the personal data under the conditions laid down in Law; to request notification of such operations carried out to third parties to whom the personal data has been transferred; to object to the processing, exclusively by automatic means, of your personal data, which leads to an unfavorable consequence for the data subject; and to request compensation for the damage arising from the unlawful processing of the personal data as per the Law.
You can make a request to the Bank regarding your rights listed above by filling out the Personal Data Subject Application Form published on the Bank's website by the following methods.
- It can be delivered to our branches in writing,
- It can be sent to the Bank's address via registered mail or notary public,
- You can also send this form from your Registered Electronic Mail (KEP) account to
For further information please check the Protection of Personal Data Policy available at