Skip to nav Skip to main content

Clarification Text on the Processing of Personal Data

  • Home/
  • Clarification Text on the Processing of Personal Data

​I- Purpose and Scope

This information is prepared to inform you about the processing of your personal data by Türkiye Finans Katılım Bankası A.Ş. (the "Bank"), acting as the data controller, in accordance with Article 10 of the "Personal Data Protection Law" No. 6698 (the "Law"). Our Bank conducts personal data processing activities by implementing necessary security measures to safeguard fundamental rights and freedoms, especially the right to privacy.

This Clarification Text applies to the following real persons:

Individuals who hold specific accounts and products with our Bank (for services provided within the framework of the customer relationship), individuals who make requests related to banking transactions, individuals such as guarantors, pledgers, spouses, and other related parties whose personal data are processed as part of collateral transactions, individuals visiting our Bank's headquarters, branches, or website, and individuals who are shareholders, authorized signatories, beneficiaries, legal representatives, and other officials of a legal entity that is a customer of our Bank, as well as individuals engaged in any transaction with our Bank.

II- Data Controller

Below is the information regarding our Bank in its role as Data Controller.

Title Türkiye Finans Katılım Bankası A.Ş.
TIN:0680063870
AddressSaray Mahallesi Sokullu Caddesi No:6 Ümraniye/Istanbul
III- Processed Personal Data

The personal data processed by our Bank are listed below, categorized and exemplified.

Data Category

Personal Data

Identity Information

Name, surname, TR ID no, nationality, gender, date of birth, place of birth, marital status, identity card volume number, identity card serial number, signature, mother's name, father's name, place of registration

Contact Information

Home address, work address, legal residence, email, registered email address, mobile phone number

Professional Experience Information

Occupation, educational information, educational background, work experience, diploma information

Audiovisual Information

Call center records, video call records

Customer Transaction Information

Customer number, contact number, cash register number, credit card and debit card information

Legal Action

Case file information, enforcement information, foreclosure information, criminal status, information in correspondence with judicial authorities

Financial Information

Account information, IBAN number, product information, currency

Physical Location Security

Camera recordings

Process Security

IP address, device ID, log records, password and passcode information

Risk Management

Credit debt information, information obtained through Risk Center, CBRT, KKB, KPS (Identity Sharing System), indebtedness information, score, etc. from KKB, appraisal information on collateral, vehicle information (value, model, brand) in vehicle financing processes



Sensitive Personal Data Category

Sensitive Personal Data

Health Information

Blood type (included in old ID cards), disability status information

Criminal Conviction and Security Measures

Criminal conviction, information on security measures, criminal record

Philosophical Beliefs, Religions, Sects, and Other Beliefs

Religious information (included in old ID cards)

IV- Purpose and Legal Basis

Under the Law, at least one of the legal reasons stated in the Law must be relied upon to process your personal data.  The circumstances under which we may process your personal data without your explicit consent are regulated in paragraph 2 of Article 5 of the Law.

The purposes and legal grounds for processing your personal data are detailed in the table below.


Data Category

Purpose of Processing

Legal Basis

Identity, Communication, Audiovisual Records, Finance, Customer Transaction, Process Security, Risk Management, Professional Experience Information

Delivering services in accordance with the activities outlined in Article 4 of Banking Law No. 5411, particularly banking services, foreign trade services, finance (loan) facilitation, insurance, pension, and other agency services, brokerage services, executing operational processes, conducting sustainability and continuity audits, and facilitating correspondent banking activities.

Article 5/2-a of the PDPL: Explicitly stipulated by law

Article 5/2-c of the PDPL: Processing personal data of the parties involved in a contract is necessary if it is directly related to the conclusion or performance of that contract.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity Information, Contact Information, Customer Transaction Information, Financial Information

Carrying out necessary activities and processes related to a product you hold at our Bank or your interactions with our Bank, including transactions conducted without being a customer, evaluating requested products/services, contacting you regarding these products/services, fulfilling contractual obligations, registering addressees in the Bank's systems, and conducting verification/authorized identification for transactional instructions.

Article 5/2-c of the PDPL: Processing personal data of the parties involved in a contract is necessary if it is directly related to the conclusion or performance of that contract.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity Information, Contact Information, Financial Information

Evaluating real estate sales in housing finance processes to our customers using bank financing, preparing appraisal reports, conducting title deed inquiries, managing financing payments, and contacting you about payment transactions.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Article 5/2-e of the PDPL: It is essential for the establishment, exercise, or protection of a right.

Identity Information, Contact Information, Customer Transaction Information, Financial Information, Transaction Security, Audiovisual Information

Detecting and preventing laundering proceeds of crime and financing of terrorism, and other crimes through planning, auditing, and executing information security processes.

Article 5/2-a of the PDPL: Explicitly stipulated by law

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity Information, Contact Information, Customer Transaction Information, Financial Information, Transaction Security, Audiovisual Information

Executing risk management processes, developing strategies to detect and prevent fraud, scrutinizing suspicious transactions, and conducting risk monitoring, follow-up, and reporting activities.

Managing physical space security processes, overseeing legal affairs, maintaining custody and archival activities, handling financial and accounting matters, and fulfilling obligations mandated by Banking Law No. 5411 and related agency activities.

Article 5/2-a of the PDPL: Explicitly stipulated by law

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity Information, Contact Information, Customer Transaction Information, Professional Experience Information

Meeting identification and know-your-customer requirements by recording details such as address, occupation, income status, and the purpose of transactions, while ensuring the accuracy and timeliness of your information.

Article 5/2-c of the PDPL: Processing personal data of the parties involved in a contract is necessary if it is directly related to the conclusion or performance of that contract.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity Information, Contact Information, Customer Transaction Information, Financial Information

Keeping records of your notifications—such as complaints, objections, suggestions, requests, and feedback—within our notification management system to enhance our service; executing necessary follow-up and management procedures; utilizing systems that enable the management of complaint processes; resolving your notifications and keeping you informed.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Article 5/2-e of the PDPL: It is essential for the establishment, exercise, or protection of a right.

Process Security, Audiovisual Information

Video recording with CCTV and keeping records of visits to our branches, Regional Directorate, Head Office, and ATM usage to ensure security and detect/prevent fraud.

Article 5/2-e of the PDPL: It is essential for the establishment, exercise, or protection of a right.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity Information, Contact Information, Customer Transaction Information, Financial Information

Processing money transfers and debt/invoice payment transactions you have requested.

Article 5/2-c of the PDPL: Processing personal data of the parties involved in a contract is necessary if it is directly related to the conclusion or performance of that contract.

Identity Information, Contact Information, Customer Transaction Information, Financial Information, Risk Management

If you are a natural person or a legal representative, shareholder, partner, authorized person, or agent of any customer transacting with our Bank, ensuring transaction completion.

Arranging and maintaining all commercial and legal relations with our Bank under surety provided as collateral for financing transactions, including surety, guarantor, pledge, and payment transactions, determining the owner, authorized person, and addressees of any transaction, and performing the transaction.

Article 5/2-a of the PDPL: Explicitly stipulated by law

Article 5/2-c of the PDPL: Processing personal data of the parties involved in a contract is necessary if it is directly related to the conclusion or performance of that contract.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity, Financial Information, Communication, Customer Transaction, Process Security

Managing, planning, and executing relations and processes with support service providers, business partners, or suppliers to carry out our banking activities within the legal limits/obligations set by the Banking Law and other regulations.

Article 5/2-c of the PDPL: Processing personal data of the parties involved in a contract is necessary if it is directly related to the conclusion or performance of that contract.

Article 5/2- f of the PDPL: It is necessary for the legitimate interests of the data controller, provided it does not infringe upon the fundamental rights and freedoms of the data subject.

Identity Information, Contact Information, Customer Transaction Information, Financial Information

Fulfilling information storage, reporting, and disclosure obligations as required by authorized persons, institutions, and organizations.

Article 5/2-a of the PDPL: Explicitly stipulated by law.

Article 5/2-ç of the PDPL: It is mandatory for the data controller to fulfill their legal obligations

Identity Information, Customer Transaction Information, Financial Information, Process Security

Carrying out activities to provide you with a better experience, to evaluate and improve our services and to provide the necessary service for the execution of your transactions

Article 5/2- f of the PDPL: It is necessary for the legitimate interests of the data controller, provided it does not infringe upon the fundamental rights and freedoms of the data subject.

Identity Information, Contact Information, Customer Transaction Information, Audiovisual Information, Professional Experience Information, Location, Financial Information,

Improving the quality of our products and services through promotional activities, marketing campaigns, and outreach efforts. This includes making calls for advertising and campaign purposes, sending SMS notifications, gathering your feedback through surveys and other methods, utilizing call records from the call center to enhance service quality, conducting analyses based on behavioral modeling, and providing you with tailored offers, products, and services

Article 5/1 of the PDPL:  Having explicit consent


Sensitive Personal Data Category

Purpose of Processing

Legal Basis

Health Information

Making banking services suitable for access and use by the disabled

Article 6/3-d of the PDPL: It is essential for the establishment, exercise, or protection of a right.

Criminal Conviction and Security Measures

Pursuant to Article 2 of the Check Law, applications for opening a checking account should be processed according to the criminal record.                                          

 

Article 6/3-b of the PDPL: Explicitly stipulated by law

V- Methods of Personal Data Collection

Your personal data, within the scope of the aforementioned legal reasons, are obtained in writing, verbally, visually, electronically, physically, or through other means, either fully or partially automated or non-automated, via the information you provide through the Bank's Head Office, Regional Offices, Branches, and other service units; through the real and legal persons with whom the Bank collaborates/receives services from/provides services to and is in business relationships with, such as support service organizations; through companies we operate with in the capacity of intermediary/agency; correspondent/counterpart banks; contracted dealers; customer meetings; member businesses and their POS systems; SSI records; information/documents or forms that show that third parties who identify you as authorized for transactions to be carried out with our Bank within the scope of the services requested from our Bank; through all contracts/forms and other documents related to banking services entered into with you, especially within the framework of the Banking Law No. 5411 and other legislation; through information/documents and forms submitted to our Bank by the buyer for the payment transactions to the seller's account in case of financing; through information/documents/forms to be submitted to our Bank by our customer who is a real estate buyer; through meetings held with you in real estate financing processes and through land registry system and appraisal reports; through national and international authorities/entities/institutions; within the limits permitted by legal regulations, through system integrations between the Bank and public institutions and organizations (Identity Sharing System, Address Sharing System, Trade Registry Gazette, Land Registry and Cadastre Information System, Risk Center, Credit Registration Bureau, electronic pledge, etc.); through ATMs, websites, media, social media, internet banking, mobile banking, phone banking, call centers, mobile applications, security cameras belonging to the Head Office, regional offices, branches, and other service units; through registered electronic mail, electronic notification, email, mail, fax, short message, international money transfer like SWIFT, any notifications, applications, meetings and similar/other channels made to the Bank.

VI-Transfer of Personal Data

Your personal data may be transferred, both domestically and internationally, in a limited and measured manner, in connection with fulfilling the following processing purposes in compliance with Articles 8 and 9 of the PDPL. This transfer is necessary for our banking activities and adheres to the provisions of the applicable legislation.
The parties to whom your personal data is transferred by our Bank, along with the purposes of such transfers, are outlined in the table below.


Receiving Party

Purpose of Transfer

Legally authorized public institutions and organizations, as well as other legally authorized persons, institutions, and/or organizations.

Fulfillment of our legal obligations.

Service providers, collaborating organizations, payment service providers, risk centers, and other third parties from whom services are received (such as consultants, suppliers, appraisal firms, external service providers, professional consultants).

Engaging services to facilitate our banking activities within the limitations and obligations set by the Banking Law and other relevant laws and regulations, as required by our business processes.

Judicial authorities, law offices, parties from whom we receive legal advice, notary public

Monitoring and managing legal affairs.

Independent audit companies

Supervision of the legal compliance of activities

Our Bank's main shareholder.

Execution, evaluation and risk management of relations with the main shareholder within the framework specified in the Banking Law and the relevant legislation, execution of risk, audit, operational services, custody and archive activities carried out together with the subsidiaries; execution of budget and financial reporting processes

Correspondent banks and domestic/foreign financial institutions.

Meeting the obligations related to the identification of transaction parties, as necessitated by the nature of the transaction

Card companies including Europay Int.SA, Western Union, Mastercard Int. INC, Visa INC, JCB Int. Co., Maestro, Electron; card companies; domestic/international member merchants

Facilitating credit card and payment processes due to the nature of the transaction.

Authorized representatives.

Transferring necessary information regarding banking transactions to the authorized representatives and executing the transactions

Individuals, institutions, and/or organizations for whom we act as intermediaries or agents

Fulfillment of obligations arising from our brokerage or agency law.

VII- Duration of Processing, Storage, and Destruction of Personal Data

We affirm that Türkiye Finans Katılım Bankası A.Ş. conducts its activities in accordance with the relevant legislation, particularly the Banking Law and the PDPL, with a strong commitment to the secure protection of personal data.

The Bank implements all necessary technical and administrative measures to ensure an appropriate level of security to prevent unlawful processing and/or access to your personal data and to guarantee its protection.

If all conditions necessitating the processing of your personal data cease to exist, your personal data will be deleted, destroyed, or anonymized at the conclusion of the legal retention periods established by the Banking Law No. 5411 and other applicable legislation.

VIII- Rights of the Data Subject and Application to the Data Controller

Pursuant to Article 11 of the PDPL, you may exercise the following rights by applying to our Bank:

  • Learn whether or not her/his personal data have been processed;
  • Request information as to processing if your data have been processed,
  • Learn the purpose of processing of your personal data and whether data are used in accordance with their purpose,
  • Know the third parties in the country or abroad to whom your personal data have been transferred,
  • Request rectification in case personal data are processed incompletely or inaccurately, Request the deletion or destruction of personal data,
  • In case of rectification, deletion or destruction of personal data, request notification of these transactions to third parties to whom personal data are transferred,
  • Object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems,
  • Request compensation for the damages in case you  incur damages due to unlawful processing of your personal data.

You may exercise your rights regarding your personal data in the following ways:

  • By creating a ticket at https://mmm.turkiyefinans.com.tr/,
  • By calling our Bank's Communication Center at 0850 222 22 44,
  • By submitting your request to turkiyefinans@hs03.kep.tr using your registered e-mail address,
  • By going to our branches in person,
  • By completing the Data Subject Application Form in full and sending it to our headquarters at Saray Mahallesi Sokullu Caddesi No:6 Ümraniye/Istanbul via registered mail or notary public.
  • By any other method specified in the Communiqué on the Procedures and Principles of Application to the Data Controller.

We would like to remind you that your application must include the following elements as stipulated in Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller:

  • ​Name, surname and signature if the application is in writing,
  • TR ID number for citizens of the Republic of Türkiye, nationality, passport number or ID number, if any, for foreigners,
  • Residential or workplace address for notification,
  • E-mail address, telephone and fax number for notification, if any,
  • Subject of the request.

Your request will be addressed free of charge as soon as possible and within 30 days at the latest depending on the nature of your request However, if the request necessitates an additional cost, you may be charged as per the fees specified in Article 7 of the Communiqué on Application to the Data Controller.


TOP