We,
Türkiye Cumhuriyeti Ziraat Bankası Anonim Şirketi ("Ziraat Bankası"), as the Data Controller, would like to inform you regarding the Personal Data Protection Law ("PDPL") numbered 6698 published in the volume of the Official Gazette dated 7 April 2016 and numbered 29677, in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to determine the obligations of natural and legal persons who process personal data, pursuant to Article 10 of the Law titled “Obligation of Data Controller to Inform”
1. Purpose of Processing Personal Data, Collection Method and Legal Basis
Ziraat Bank automatically collects your identity, contact information, CV, legal transactions, customer transactions, location, camera footage, risk management information, finance, professional experience, visual and audio records, demographic information, education level and income level information during establishment of your legal relationship with our bank and during the continuation of such relationship from you, third parties and legal authorities, provided that they are via website, various contracts, ATM, mobile banking, e-mail, application forms, written or verbal communication channels with our Bank, automatically verbally, in writing or electronically and based on the legal grounds that it is explicitly set forth in laws specified in Article 5/2(a) of the Law, that it is necessary for execution or performance of the contract specified in Article 5/2(c) of the Law, that our bank fulfils its legal obligation specified in Article 5/2(ç) of the Law, that it is made public by the relevant person specified in Article 5/2(d) of the Law, that data processing is mandatory for the establishment, exercise or protection of a right specified in Article 5/2(e) of the Law and that data processing is mandatory for the legitimate interests of the data controller without prejudice to fundamental rights and freedoms of the data subject pursuant to Article 5/2(f), and processes and shares such personal data for following purposes;
- Fulfillment of our Bank's obligations arising under the Banking Law, Bank Cards And Credit Cards Law Nr 5464, Law No 5549 on Prevention of Laundering Proceeds of Crime, Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions No 6493
- Compliance of information provision and reporting obligations if required by public, administrative authorities such as Banking Regulation and Supervision Agency, Merkezi Kayıt Kuruluşu A.Ş. (Central Securities Depository of Türkiye), Financial Crimes Investigation Board (MASAK), the Ministry of Treasury and Finance, Kredi Kayıt Bürosu (Credit Bureau of Türkiye), Central Bank of the Republic of Türkiye, Bank Association of Türkiye;
- Ensuring that banking operations are carried out in accordance with the Bank's procedures and/or relevant legislation;
- Ensuring that the obligations under the contractual relationship are duly performed;
- Recording your profession, income level, and the purpose of your transactions with our Bank, in order to fulfill our obligations under the applicable legislation regarding customer due diligence, particularly for the identification and verification of your address.;
- Acquiring identity and contact details, your credit card number, vehicle's license plate and registration property certificate in particular for the purpose of enabling you to benefit from Electronic Toll Collection System (HGS) upon your demand;
- Recording feedback such as complaints, objections, requests, suggestions, satisfaction in our notification management system in order to serve you better;
- Issuance of all records and documents related to transactions either electronically (via SWIFT, Internet / mobile banking, Head Office Units, Branches, kiosks, ATMs, Internet branch, video transaction, center, call center and all other similar channels, etc.) or on a paper basis,
- Use of them for products and services which we can provide in our capacity as agent;
- Planning and execution of business activities and operational processes;
- Execution and management of customer relations;
- Ensuring that your data is kept accurate and up-to-date;
- Carrying out support services and obligations, customer satisfaction and corporate communication activities;
- Evaluating your requests and complaints received on Social Media and suggesting solutions;
- Execution of affairs conducted by our Bank with its domestic, foreign branches and affiliates and management of relations;
- Execution of lawsuits and execution proceedings to which our bank is a party;
- Planning and implementing corporate sustainability, corporate governance, strategic planning and information security processes;
- Recording of camera footage at ATMs and branches for security reasons and within scope of our obligations arising under the law.
Ziraat Bankası may need your explicit consent whilst processing your personal data for some of activities conducted by it. Your biometric data is processed based on the legal reason of your explicit consent as per article 6/3 of the Law for purposes of remote customer acquisition and identification and verification in respect of submission of instructions, requests and documents through digital channels, and your personal data related to marketing, behavior analyses, your user habits is processed based on the legal reason as per article 5/1 of the Law for purposes of planning and execution of promotion and advertisement activities intended for volume increase as well as planning and realization of sales and marketing activities that are exclusive for you.
Additionally, even if you are not a customer of ours, your personal data may be processed by our Bank in order to determine, monitor, report and control the risk group to which you will be involved in order to determine the credit limits to be extended to a risk group as per the banking legislation.
Partnerships in which you, your spouse, your children and the said persons are members of the board of directors or general managers, or in which they or a legal entity jointly or individually, directly or indirectly control or participate with unlimited liability as well as partnerships in which qualified shareholders, members of the board of directors and the general manager of a bank, they jointly or individually, directly or indirectly control or are partners with unlimited liability or in which they are members of the board of directors or general manager and any real and legal persons with surety, guarantee or similar relationships that may result in the insolvency of one or more of the others constitute a risk group. In addition to these, other real and legal persons to be included in the risk group are determined by the Banking Regulation and Supervision Agency of the Republic of Türkiye.
2. Transfer of Your Personal Data
Your personal data may be transferred to financial institutions, as provided for in Article 73/4 of the Banking Law, insurance companies, public institutions and organizations such as the BRSA, CMB, CBRT (Central Bank of Republic of Türkiye), MASAK (Financial Crimes Investigation Board), TBB (Banks Association of Türkiye), Risk Center of Banks Association of Türkiye, Ministry of Treasury and Finance, Kredi Kayıt Bürosu (Credit Bureau of Türkiye), Merkezi Kayıt Kuruluşu A.Ş. (Central Securities Depository), our domestic and international branches and subsidiaries, third parties from whom we receive services to carry out our banking activities, relevant/related parties of contracts or contractual transactions signed within the scope of our banking activities, cooperating organizations and program partners for the purposes and legal reasons set forth in Article 1 of this Clarification Text within the scope of provisions of the Law regarding the transfer of personal data and their transfer abroad.
3. Storage of Your Personal Data
Your personal data can be stored for as long as required for the purposes of their processing. If there is no other justification or legal reason, no international law or regulation, and the obligations arising from the contracts no longer exist, your personal data with no remaining purpose to process it, is erased, destructed or anonymized.
4. Rights of the Data Subject Whose Personal Data is Processed
You can exercise the following rights regarding the processing of your personal data with a request you may submit to our Bank. The requests submitted in this framework shall be concluded by our Bank free of charge within no later than thirty days. However, where the Personal Data Protection Board prescribes a fee, our Bank will charge the fee set forth in the tariff. In this framework, personal data subjects are entitled:
- To learn whether your personal data has been processed or not,
- To request information regarding processing of your personal data,
- To find out the purpose for processing of your personal data, and whether personal data of yours has been used in accordance with that purpose,
- To know the third parties to whom personal data has been transmitted at home or abroad,
- To request the correction of personal data that has been processed insufficiently or incorrectly.
- To request for erasure or destruction of your personal data,
- To request that the third parties to whom personal data have been transferred be notified of the actions regarding the correction, erasure or destruction of personal data,
- To object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
- To demand compensation of your loss if you incur any loss due to illegal processing of your personal data.
As regards to your rights concerning your personal data under Law numbered 6698, you can apply to our nearest branch in person or through a notary public with your petition containing documents proving your identity and your request, or you can submit your request to our KEP address
ziraatbank@hs.01.kep.tr.
Applications within this scope will be accepted following the identity verification to be made by us, and data subjects will be answered in writing or electronically within legal periods.
Deposit Account Application / Opening Clarification Text
We, Türkiye Cumhuriyeti Ziraat Bankası Anonim Şirketi ("Ziraat Bankası"), as the Data Controller, would like to inform you regarding the Personal Data Protection Law (“PDPL”) numbered 6698 published in the volume of the Official Gazette dated 7 April 2016 and numbered 29677, in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to determine the obligations of natural and legal persons who process personal data, pursuant to Article 10 of the Law titled “Obligation of Data Controller to Inform”, specifically for “Deposit Account Application/Opening” .
- Purpose of Processing, Collection Method and Legal Reason for Your Personal Data Processed
Within scope of “Deposit Account Application / Opening” filed with Ziraat Bankası, your personal data is collected orally, in writing or electronically from you, third parties and legal authorities via varying means such as website, various contracts, ATM, mobile banking, electronic mail, application forms, during the establishment of legal relationship and throughout the term of such relationship and categorically processed based on following purposes and legal reasons through automatic or non-automatic means via written or verbal communication channels with our Bank.
| Data Categories | Purposes of Processing | Legal Reasons |
|---|
- Your ID Details (Name & Surname, Mother's - Father's Name, Mother's Maiden Name, Date of Birth, Place of Birth, Marital Status, Serial Rank Number National ID Card, Republic of Türkiye ID number, etc.)
- Your Contact Details (Address Number, E-Mail Address, Mailing Address, Registered Electronic Mail (KEP) address, Phone number, etc.)
- Your Financial Details (Income, Balance Sheet Information, Financial Performance Information, Credit and Risk Information, Information on Movable and Immovable Properties Owned, etc.)
| - Identification,
- For the purpose of assessment of deposit account applications,
- Execution of Marketing and Engagement Processes related to Products / Services,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Conducting Activities associated with Customer Satisfaction,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining and assessing the recommendations of the improving the business processes and Assuring Continuity,
- Conducting contract processes,
- Carrying out Information Security Processes
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the deposit contract,
- Ability of our Bank to fulfil its legal obligation.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Professional Experience Information (Occupation, Title, Information on Career, Educational Background, Background Information, etc.)
| - Identification,
- For the purpose of assessment of deposit account applications,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining and assessing the recommendations of the improving the business processes and Assuring Continuity,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the deposit contract,
- Ability of our Bank to fulfil its legal obligation.
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Customer Transaction Information (Call Center Records, Invoice, Bill, Promissory Note, Check Information, Information on Teller Receipts, etc.)
| - Identification,
- For the purpose of assessment of deposit account applications,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and Carrying out Legal Affairs
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining recommendations regarding improvement of business processes
- Assessment and Assuring Continuity,
- Carrying out Information Security Processes
| - When it is directly related to the execution or performance of the deposit contract,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Legal Transaction Details (information at correspondences with judicial authorities, information in the case file, etc.)
| - Carrying out information security processes,
- Conducting activities in accordance with the legislation,
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out Communication Activities
- Execution / Supervision of Business Activities
- Carrying out Activities regarding the Provision of Business Continuity
- Execution of Risk Management Processes,
- Conducting contract processes,
- Monitoring of Requests/Complaints,
- Informing Authorized Persons, Institutions and Organizations
- Carrying out customer relations management processes,
- Conducting retention and archiving activities.
| - Data processing is necessary for the establishment, exercise or protection of any right.
|
- Your Transaction Security Details (IP address information, website login logout information, password and PIN information, etc.)
| - Carrying out information security processes,
- Carrying out Access Authorizations
- Conducting activities in accordance with the legislation,
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out communication activities,
- Execution / Supervision of Business Activities
- Carrying out Activities regarding the Provision of Business Continuity
- Carrying out customer relations management processes,
- Informing Authorized Persons, Institutions and Organizations
- Execution of Risk Management Processes,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the deposit contract,
- Ability of our Bank to fulfil its legal obligation.
|
- Your Risk Management Information (Credit Score, Credit History, etc.)
| - Conducting activities in accordance with the legislation,
- Execution / Supervision of Business Activities
- Obtaining and assessing the recommendations of the improving the business processes
- Carrying out Activities regarding the Provision of Business Continuity
- Execution of Risk Management Processes,
- Informing Authorized Persons, Institutions and Organizations
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Execution of Marketing and Engagement Processes related to Products / Services,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the deposit contract,
- Ability of our Bank to fulfil its legal obligation.
|
- Conducting Marketing and Analysis Studies,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Marketing Information (Shopping History Information, Data Obtained as a Result of Analysis of Participated Surveys, Cookie Records, Information Obtained through Campaign Work, etc.)
| - Carrying out communication activities,
- Carrying out customer relations management processes,
- Execution of Customer Satisfaction Activities
- Conducting Marketing Analysis Studies
- Carrying out Advertising / Campaign / Promotion Processes
- Execution of Risk Management Processes,
- Execution of Marketing and Engagement Processes related to Products / Services,
| - In the event of Explicit Consent
|
- Your Health-related Information (Information on Disability Status, etc.)
| - Conducting contract processes,
- Conducting retention and archiving activities.
| - In the event of Explicit Consent,
- When it is clearly stipulated in laws,
|
- Your Visual and Audio Recordings (Selfie Photo; Voice Recording, etc.);
| - Carrying out information security processes,
- Conducting activities in accordance with the legislation,
- Ensuring physical location security,
- Monitoring of Requests/Complaints,
- Informing Authorized Persons, Institutions and Organizations
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the deposit contract,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
- Ability of our Bank to fulfil its legal obligation.
|
- Biometric Data (palm information, fingerprint information, retina scan information, face recognition information, etc.)
| - Carrying out information security processes,
- Carrying out Access Authorizations
- Ensuring physical location security,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out customer relations management processes,
- Conducting Activities in Accordance with the Legislation
| - In the event of Explicit Consent,
- When it is clearly stipulated in laws,
|
- Transfer of Your Personal Data
Your personal data may be transferred to financial institutions, as provided for in Article 73/4 of the Banking Law, insurance companies, public institutions and organizations such as the BRSA, CMB, CBRT (Central Bank of Republic of Türkiye), MASAK (Financial Crimes Investigation Board), TBB (Banks Association of Türkiye), TBB Risk Center, Ministry of Treasury and Finance, Kredi Kayıt Bürosu (Credit Bureau of Türkiye), Merkezi Kayıt Kuruluşu A.Ş. (Central Securities Depository), our domestic and international branches and subsidiaries, third parties from whom we receive services to carry out our banking activities, relevant/related parties of contracts or contractual transactions signed within the scope of our banking activities, cooperating organizations and program partners, and companies for which we are agents, for the purposes and legal reasons set forth in Article 1 of this Clarification Text within the scope of provisions of the Law regarding the transfer of personal data and their transfer abroad.
Your personal data can be stored for as long as required for the purposes of their processing. If there is no other justification or legal reason, no international law or regulation, and the obligations arising from the contracts no longer exist, your personal data with no remaining purpose to process it, is erased, destructed or anonymized in compliance with our Bank's Policy on Storage and Destruction of Personal Data.
- Rights of the Data Subject Whose Personal Data is Processed
You can exercise the following rights regarding the processing of your personal data with a request you may submit to our Bank. The requests submitted in this framework shall be concluded by our Bank free of charge within no later than thirty days. However, where the Personal Data Protection Board prescribes a fee, our Bank will charge the fee set forth in the tariff. In this framework, personal data subjects are entitled:
- To learn whether your personal data has been processed or not,
- To request information regarding processing of your personal data,
- To find out the purpose for processing of your personal data, and whether personal data of yours has been used in accordance with that purpose,
- To know the third parties to whom personal data has been transmitted at home or abroad,
- To request the correction of personal data that has been processed insufficiently or incorrectly.
- To request for erasure or destruction of your personal data,
- To request that the third parties to whom personal data have been transferred be notified of the actions regarding the correction, erasure or destruction of personal data,
- To object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
- To demand compensation of your loss if you incur any loss due to illegal processing of your personal data.
As regards to your rights concerning your personal data under Law numbered 6698, you can apply to our nearest branch in person or through a notary public with your petition containing documents proving your identity and your request in compliance with application conditions set forth in the Communiqué on the Procedures and Principles for Application to the Data Controller (published by the Data Protection Authority), or you can submit your request to our Bank’s KEP address
ziraatbank@hs.01.kep.tr or to the address of Head Office.
Applications within this scope will be accepted following the identity verification to be made by us, and data subjects will be answered in writing or electronically within legal periods.
Clarification Text Regarding Credit / Credit Card
We, Türkiye Cumhuriyeti Ziraat Bankası Anonim Şirketi ("Ziraat Bankası"), as the Data Controller, would like to inform you regarding the Personal Data Protection Law ("PDPL") numbered 6698 published in the volume of the Official Gazette dated 7 April 2016 and numbered 29677, in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to determine the obligations of natural and legal persons who process personal data, pursuant to Article 10 of the Law titled “Obligation of Data Controller to Inform”, specifically for "Credit/Credit Card Application."
-
Purpose of Processing, Collection Method and Legal Reason for Your Personal Data Processed
Within scope of Credit/Credit Card Application filed with Ziraat Bankası, your personal data is collected orally, in writing or electronically from you, third parties and legal authorities via varying means such as website, various contracts, ATM, mobile banking, electronic mail, application forms, during the establishment of credit relationship and throughout the term of such relationship and categorically processed based on following purposes and legal reasons through automatic or non-automatic means via written or verbal communication channels with our Bank.
| Data Categories | Purposes of Processing | Legal Reasons |
|---|
- Your ID Details (Name & Surname, Mother's - Father's Name, Mother's Maiden Name, Date of Birth, Place of Birth, Marital Status, Serial Rank Number National ID Card, Republic of Türkiye ID number, etc.)
- Your Contact Details (Address Number, E-Mail Address, Mailing Address, Registered Electronic Mail (KEP) address, Phone number, etc.)
- Your Financial Details (Income, Balance Sheet Information, Financial Performance Information, Credit and Risk Information, Information on Movable and Immovable Properties Owned, etc.)
| - Identification,
- Evaluation of Loan and Credit Card Applications,
- Execution of Marketing and Engagement Processes related to Products / Services,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Conducting Activities associated with Customer Satisfaction,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining and assessing the recommendations of the improving the business processes and Assuring Continuity,
- Conducting contract processes,
- Carrying out Information Security Processes
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the loan or credit card contract,
- Ability of our Bank to fulfil its legal obligation.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Professional Experience Information (Occupation, Title, Information on Career, Educational Background, Background Information, etc.)
| - Identification,
- Money Transfer to Bank Account and Credit Card,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining and assessing the recommendations of the improving the business processes and Assuring Continuity,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the loan or credit card contract,
- Ability of our Bank to fulfil its legal obligation.
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Customer Transaction Information (Call Center Records, Invoice, Bill, Promissory Note, Check Information, Information on Teller Receipts, etc.)
| - Identification,
- Money Transfer to Bank Account and Credit Card,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and Carrying out Legal Affairs
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining recommendations regarding improvement of business processes,
- Assessment and Assuring Continuity
- Carrying out Information Security Processes
| - When it is directly related to the execution or performance of the loan or credit card contract,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Legal Transaction Details (information at correspondences with judicial authorities, information in the case file, etc.)
| - Carrying out information security processes,
- Conducting activities in accordance with the legislation,
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out Communication Activities
- Execution / Supervision of Business Activities
- Carrying out Activities regarding the Provision of Business Continuity
- Execution of Risk Management Processes,
- Conducting contract processes,
- Monitoring of Requests/Complaints,
- Informing Authorized Persons, Institutions and Organizations
- Carrying out customer relations management processes,
- Conducting retention and archiving activities.
| - Data processing is necessary for the establishment, exercise or protection of any right.
|
- Your Transaction Security Details (IP address information, website login logout information, password and PIN information, etc.)
| - Carrying out information security processes,
- Carrying out Access Authorizations
- Conducting activities in accordance with the legislation,
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out communication activities,
- Execution / Supervision of Business Activities
- Carrying out Activities regarding the Provision of Business Continuity
- Carrying out customer relations management processes,
- Informing Authorized Persons, Institutions and Organizations
- Execution of Risk Management Processes,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the loan or credit card contract,
- Ability of our Bank to fulfil its legal obligation.
|
- Your Risk Management Information (Credit Score, Credit History, etc.)
| - Conducting activities in accordance with the legislation,
- Execution / Supervision of Business Activities
- Obtaining and assessing the recommendations of the improving the business processes
- Carrying out Activities regarding the Provision of Business Continuity
- Execution of Risk Management Processes,
- Informing Authorized Persons, Institutions and Organizations
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Execution of Marketing and Engagement Processes related to Products / Services,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the loan or credit card contract,
- Ability of our Bank to fulfil its legal obligation.
|
- Conducting Marketing and Analysis Studies,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Marketing Information (Shopping History Information, Data Obtained as a Result of Analysis of Participated Surveys, Cookie Records, Information Obtained through Campaign Work, etc.)
| - Carrying out communication activities,
- Carrying out customer relations management processes,
- Execution of Customer Satisfaction Activities
- Conducting Marketing Analysis Studies
- Carrying out Advertising / Campaign / Promotion Processes
- Execution of Risk Management Processes,
- Execution of Marketing and Engagement Processes related to Products / Services,
| - In the event of Explicit Consent
|
- Your Health-related Information (Information on Disability Status, etc.)
| - Conducting contract processes,
- Conducting retention and archiving activities.
| - In the event of Explicit Consent,
- When it is clearly stipulated in laws,
|
- Your Visual and Audio Recordings (Selfie Photo; Voice Recording, etc.);
| - Carrying out information security processes,
- Conducting activities in accordance with the legislation,
- Ensuring physical location security,
- Monitoring of Requests/Complaints,
- Informing Authorized Persons, Institutions and Organizations
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the loan or credit card contract,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
- Ability of our Bank to fulfil its legal obligation.
|
- Biometric Data (palm information, fingerprint information, retina scan information, face recognition information, etc.)
| - Carrying out information security processes,
- Carrying out Access Authorizations
- Ensuring physical location security,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out customer relations management processes,
- Conducting Activities in Accordance with the Legislation
| - In the event of Explicit Consent,
- When it is clearly stipulated in laws,
|
- Transfer of Your Personal Data
Your personal data may be transferred to financial institutions, as provided for in Article 73/4 of the Banking Law, insurance companies, public institutions and organizations such as the BRSA, CMB, CBRT (Central Bank of Republic of Türkiye), MASAK (Financial Crimes Investigation Board), TBB (Banks Association of Türkiye), TBB Risk Center, Ministry of Treasury and Finance, Kredi Kayıt Bürosu (Credit Bureau of Türkiye), Merkezi Kayıt Kuruluşu A.Ş. (Central Securities Depository), our domestic and international branches and subsidiaries, third parties from whom we receive services to carry out our banking activities, relevant/related parties of contracts or contractual transactions signed within the scope of our banking activities, cooperating organizations and program partners, and companies for which we are agents, for the purposes and legal reasons set forth in Article 1 of this Clarification Text within the scope of provisions of the Law regarding the transfer of personal data and their transfer abroad.
Your personal data can be stored for as long as required for the purposes of their processing. If there is no other justification or legal reason, no international law or regulation, and the obligations arising from the contracts no longer exist, your personal data with no remaining purpose to process it, is destroyed or anonymized in compliance with our Bank's Policy on Storage and Destruction of Personal Data.
-
Rights of the Data Subject Whose Personal Data is Processed
You can exercise the following rights regarding the processing of your personal data with a request you may submit to our Bank. The requests submitted in this framework shall be concluded by our Bank free of charge within no later than thirty days. However, where the Personal Data Protection Board prescribes a fee, our Bank will charge the fee set forth in the tariff. In this framework, personal data subjects are entitled:
- To learn whether your personal data has been processed or not,
- To request information regarding processing of your personal data,
- To find out the purpose for processing of your personal data, and whether personal data of yours has been used in accordance with that purpose,
- To know the third parties to whom personal data has been transmitted at home or abroad,
- To request the correction of personal data that has been processed insufficiently or incorrectly.
- To request for deletion or destruction of your personal data,
- To request that the third parties to whom personal data have been transferred be notified of the actions regarding the correction, deletion or destruction of personal data,
- To object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
- To demand compensation of your loss if you incur any loss due to illegal processing of your personal data.
As regards to your rights concerning your personal data under Law numbered 6698, you can apply to our nearest branch in person or through a notary public with your petition containing documents proving your identity and your request in compliance with application conditions set forth in the Communiqué on the Procedures and Principles for Application to the Data Controller (published by the Data Protection Authority), or you can submit your request to our Bank's KEP address
ziraatbank@hs.01.kep.tr or to the address of Head Office.
Applications within this scope will be accepted following the identity verification to be made by us, and interested persons will be answered in writing or electronically within legal periods.
Investment Products Application /Opening Clarification Text
We, Türkiye Cumhuriyeti Ziraat Bankası Anonim Şirketi ("Ziraat Bankası"), as the Data Controller, would like to inform you regarding the Personal Data Protection Law numbered 6698 ("PDPL") published in the volume of the Official Gazette dated 7 April 2016 and numbered 29677, in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to determine the obligations of natural and legal persons who process personal data, pursuant to Article 10 of the Law titled “Obligation of Data Controller to Inform”, specifically for “Investment Products Application/Opening”.
- Purpose of Processing, Collection Method and Legal Reason for Your Personal Data Processed
Within the scope of the Investment Products Application/Opening you have filed with Ziraat Bank, during establishment of the legal relationship by our Bank and our Investment affiliate and during the continuation of such relationship, your personal data is collected from you, third parties and legal authorities through the website, various agreements, ATM, mobile banking, e-mail, application forms, institutions for which we act as intermediary for order transmission, system integrations shared through public institutions and organizations (such as the Banks Association of Türkiye Risk Center and Identity Sharing System) and is processed categorically by automatic or non-automatic means through written or verbal communication channels with our Bank, in compliance with the information and reporting obligations when requested by legal authorities such as the Banking Regulation and Supervision Agency, Merkezi Kayıt Kuruluşu A.Ş. (Central Registry Agency (MKK), the Financial Crimes Investigation Board (MASAK), the Ministry of Treasury and Finance, the Central Bank of Republic of Türkiye, Turkish Capital Markets Association (TSPB), Borsa Istanbul A.Ş. (BIST), Investor Compensation Center (YTM), Takasbank and based on purposes and legal reasons specified below.
Additionally, even if you're not one of our customers, your personal data may be processed in connection with IPO, private placement, requests for sale to qualified investors as well as bulletin subscription and demo platform use applications.
| Data Categories | Purposes of Processing | Legal Reasons |
|---|
- Your ID Details (Name & Surname, Mother's - Father's Name, Mother's Maiden Name, Date of Birth, Place of Birth, Marital Status, Serial Rank Number National ID Card, Republic of Türkiye ID number, etc.)
- Your Contact Details (Address Number, E-Mail Address, Mailing Address, Registered Electronic Mail (KEP) address, Phone number, etc.)
- Your Financial Details (Income, Balance Sheet Information, Financial Performance Information, Credit and Risk Information, Information on Movable and Immovable Properties Owned, etc.)
| - Identification,
- Managing the processes for capital market products as an intermediary for order transmission,
- For the purpose of assessment of investment account applications,
- Execution of Marketing and Engagement Processes related to Products / Services,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Conducting Activities associated with Customer Satisfaction,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining and assessing the recommendations of the improving the business processes and Assuring Continuity,
- Conducting contract processes,
- Carrying out Information Security Processes
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the investment services and activities contract,
- Ability of our Bank to fulfil its legal obligation,
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Professional Experience Information (Occupation, Title, Information on Career, Educational Background, Background Information, etc.)
| - Identification,
- Managing the processes for capital market products as an intermediary for order transmission,
- For the purpose of assessment of investment account applications,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining and assessing the recommendations of the improving the business processes and Assuring Continuity,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the investment services and activities contract,
- Ability of our Bank to fulfil its legal obligation.
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Customer Transaction Information (Call Center Records, Invoice, Bill, Promissory Note, Check Information, Information on Teller Receipts, etc.)
| - Identification,
- Managing the processes for capital market products as an intermediary for order transmission,
- For the purpose of assessment of investment account applications,
- Conducting Business Activities in compliance with the Legislation,
- Conducting Customer Relations Management Processes,
- Execution of Risk Management Processes,
- Carrying out Retention and Archiving Activities,
- Monitoring of Request/Complaint,
- Informing Authorized Persons, Institutions and Organizations
- Following-up and Carrying out Legal Affairs
- Carrying out Internal Audit/Investigation/Intelligence Activities,
- Carrying out communication activities,
- Obtaining recommendations regarding Improvement of Business Processes,
- Obtaining and assessing the recommendations of the improving the business processes and Assuring Continuity,
- Carrying out Information Security Processes
| - When it is directly related to the execution or performance of the investment services and activities contract,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Conducting Marketing and Analysis Studies,
- Conducting Advertisement/Campaign/Promotion Processes,
| - In the event of Explicit Consent,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Legal Transaction Details (information at correspondences with judicial authorities, information in the case file, etc.)
| - Carrying out information security processes,
- Conducting activities in accordance with the legislation,
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out Communication Activities
- Execution / Supervision of Business Activities
- Carrying out Activities regarding the Provision of Business Continuity
- Execution of Risk Management Processes,
- Conducting contract processes,
- Monitoring of Requests/Complaints,
- Informing Authorized Persons, Institutions and Organizations
- Carrying out customer relations management processes,
- Conducting retention and archiving activities.
| - Data processing is necessary for the establishment, exercise or protection of any right.
|
- Your Transaction Security Details (IP address information, website login logout information, password and PIN information, etc.)
| - Carrying out information security processes,
- Carrying out Access Authorizations,
- Conducting activities in accordance with the legislation,
- Following-up and carrying out legal affairs,
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Carrying out communication activities,
- Execution / Supervision of Business Activities
- Carrying out Activities regarding the Provision of Business Continuity
- Carrying out customer relations management processes,
- Informing Authorized Persons, Institutions and Organizations
- Execution of Risk Management Processes,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the investment services and activities contract,
- Ability of our Bank to fulfil its legal obligation,
|
- Your Risk Management Information (Conformity Test related to the Investment, Precautionary Measure, etc..)
| - Conducting activities in accordance with the legislation,
- Execution / Supervision of Business Activities
- Obtaining and assessing the recommendations of the improving the business processes
- Carrying out Activities regarding the Provision of Business Continuity
- Execution of Risk Management Processes,
- Informing Authorized Persons, Institutions and Organizations
- Carrying out Internal Audit/Investigation/Intelligence Activities
- Execution of Marketing and Engagement Processes related to Products / Services,
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the investment services and activities contract,
- Ability of our Bank to fulfil its legal obligation,
|
- Conducting Marketing and Analysis Studies,
| - In the event of Explicit Consent,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
|
- Your Health-related Information (Information on Disability Status, etc.)
| - Conducting contract processes,
- Conducting retention and archiving activities.
| - In the event of Explicit Consent,
- When it is clearly stipulated in laws,
|
- Your Visual and Audio Recordings (Selfie Photo; Voice Recording, etc.);
| - Carrying out information security processes,
- Conducting activities in accordance with the legislation,
- Ensuring physical location security,
- Monitoring of Requests/Complaints,
- Informing Authorized Persons, Institutions and Organizations
| - When it is clearly stipulated in laws,
- When it is directly related to the execution or performance of the investment services and activities contract,
- Processing of data is necessary for the legitimate interests of our Bank, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
- Ability of our Bank to fulfil its legal obligation,
|
- Transfer of Your Personal Data
Your personal data may be transferred to financial institutions, as provided for in Article 73/4 of the Banking Law, insurance companies, public institutions and organizations such as the BRSA, CMB, Central Bank of Republic of Türkiye (CBRT), TBB (Banks' Association of Türkiye), TBB Risk Center, Ministry of Treasury and Finance, Credit Bureau of Türkiye (KKB), Central Registry Agency (CRA), Financial Crimes Investigation Board (MASAK), Turkish Capital Markets Association (TSPB), Borsa Istanbul A.Ş. (BIST), Investor Compensation Center (YTM), Takasbank our domestic and international branches and subsidiaries, third parties from whom we receive services to carry out our banking activities, relevant/related parties of contracts or contractual transactions signed within the scope of our banking activities, cooperating organizations and program partners, and companies for which we are agents, for the purposes and legal reasons set forth in Article 1 of this Clarification Text within the scope of provisions of the Law regarding the transfer of personal data and their transfer abroad.
- Storage of Your Personal Data
Your personal data can be stored for as long as required for the purposes of their processing. If there is no other justification or legal reason, no international law or regulation, and the obligations arising from the contracts no longer exist, your personal data with no remaining purpose to process it, is destroyed or anonymized in compliance with our Bank's Policy on Storage and Destruction of Personal Data.
- Rights of the Data Subject Whose Personal Data is Processed
You can exercise the following rights regarding the processing of your personal data with a request you may submit to our Bank. The requests submitted in this framework shall be concluded by our Bank free of charge within no later than thirty days. However, where the Personal Data Protection Board prescribes a fee, our Bank will charge the fee set forth in the tariff. In this framework, personal data subjects are entitled:
- To learn whether your personal data has been processed or not,
- To request information regarding processing of your personal data,
- To find out the purpose for processing of your personal data, and whether personal data of yours has been used in accordance with that purpose,
- To know the third parties to whom personal data has been transmitted at home or abroad,
- To request the correction of personal data that has been processed insufficiently or incorrectly.
- To request for deletion or destruction of your personal data,
- To request that the third parties to whom personal data have been transferred be notified of the actions regarding the correction, deletion or destruction of personal data,
- To object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
- To demand compensation of your loss if you incur any loss due to illegal processing of your personal data.
As regards to your rights concerning your personal data under Law numbered 6698, you can apply to our nearest branch in person or through a notary public with your petition containing documents proving your identity and your request in compliance with application conditions set forth in the Communiqué on the Procedures and Principles for Application to the Data Controller (published by the Data Protection Authority), or you can submit your request to our KEP adresses
ziraatbank@hs.01.kep.tr or
ziraat.yatirim@hs02.kep.tr or Head Office addresses of our Bank or affiliate, respectively.
Applications within this scope will be accepted following the identity verification to be made by us, and data subjects will be answered in writing or electronically within legal periods.
