Disclosure Of Protection Of Personal Data

We, in the capacity of data controller as Türkiye Cumhuriyeti Ziraat Bankası Anonim Şirketi ("Ziraat Bankası"), would like to inform you – pursuant to Article 10 titled "Obligation of Disclosure of the Data Controller" of the Law of Protection of Personal Data ("LPPD") numbered 6698 published in the Official Gazette numbered 29677 dated 7 April 2016 with the purpose of protecting, with respect to processing personal data, the fundamental rights and freedoms of persons, in particular the confidentiality of the private life, and determining the obligations of the real and legal persons processing personal data – about LPPD.

Ziraat Bankası maintains the system infrastructure and internet servers at the most reliable level in order to protect the customers and / or the confidentiality of the personal information that it receives from the authorized persons of the customers.

Purpose of Processing Personal Data

Ziraat Bankası processes your personal data, in accordance with the provisions on processing personal data, which are stipulated in Article 5 and 6 of LPPD, with purposes such as;

  • Fulfillment of our obligations arising from the legislation that our bank is subject to such as Banking Law, Bank Cards and Credit Cards Law, Law on Prevention of Laundering Crime Revenues, Payment and Securities Reconciliation Systems, Law on Payment Services and Electronic Money Institutions;
  • Fulfilling the information and reporting obligations as may be requested by official and administrative bodies such as Banking Regulation and Supervision Agency, Central Registry Agency Inc., Financial Crimes Investigation Board, Ministry of Finance, Credit Registration Bureau, T.R. Central Bank, BAT, Undersecretariat of Treasury;
  • Carrying out the banking activities in accordance with the Bank procedures and / or the relevant legislation;
  • Duly fulfilling the obligations under the contractual relationships;
  • With a view to being able to fulfill our obligations with respect to knowing our customers pursuant to the legislation that we are subject to, to record the information about you such as your occupation, your income status, your purpose of doing business with our bank, in particular, identification of identity and address;
  • Obtaining information of such as identification and contact, in particular, masked credit card number, vehicle license plate, and title in order to enable you to benefit from the Automatic Transition System (ATS) and the Fast Transition System (FTS), as you may request;
  • In our notification management system, keeping records of notifications such as complaints, appeals, requests, suggestions, and satisfactions to better serve you;
  • Drawing up all records and documents that would be basis of transactions in electronic (by means of SWIFT, internet / mobile banking, Units of General Directorate, Branches, kiosks, ATMs, internet branch, video transaction center, call center, and all other similar channels, etc.) or paper environment;
  • Using them in products and services that we may provide for you in our capacity of an agent;
  • Planning and execution of business activities and operational processes;
  • Carrying out and execution of customer relations;
  • Keeping the data belonging you accurate and up-to-date;
  • Evaluation of the support services as well as its obligations, customer satisfaction, its institutional communication activities,
  • Your claims and complaints conveyed via social media, and offering solutions;
  • Planning and execution of the promotional and advertising activities for increasing the volume;
  • Planning and carrying out sales and marketing activities customized for you;
  • Execution of the businesses and management of the relations which our Bank carries out through its domestic, overseas branches, and subsidiaries;
  • Carrying out the lawsuits and execution proceedings which our bank is party to;
  • Planning and execution of the processes of institutional sustainability, corporate governance, strategic planning, and information security;
  • Recording the camera images at the ATMs and branches of our bank, for security reasons and under our obligations arising from the law;

The data we process to enable the execution and implementation of contract with our customer shall be subject to exemption as stipulated in the Law.

Furthermore, even if you are not our customer, according to the Banking Ordinances, for the purpose of determinability, traceability, reportability, controllability of the risk group in which you will be included in order to determine limits of the credit line to be extended to a risk group, your personal data could be processed by our Bank.

Partnerships in which you, your spouse, your children and all of them are the member of the Board of Directors or the General Director or they or a juristic person party jointly or individually, directly or indirectly, are/is controlling or participating in their management with unlimited liabilities, and Partnerships in which they are qualified shareholders, members of the Board of Directors and a General Director of a Bank, which were controlled by these persons jointly or individual, directly or indirectly, or in which they were partner with unlimited liabilities or in which they were the member of the Board of Directors or the General Director and real and juristic person parties who are in relations with sureties, warranties, etc. at a size which shall inure and lead any one and several of them fell into insolvency, should any one of them becomes insolvent, have been constituting a risk group. In addition to those enumerated above, other real or juristic person parties who will enter into the scope of the risk group are determined by the Republic of Türkiye, Banking Regulation and Supervision Agency.

Collection of Personal Data and Legal Reason

Ziraat Bankası is able to obtain the personal data of the customer and / or customer's authorized persons via all kinds of written, verbal, and electronic media, third parties, and legal authorities.

And the legal reasons for processing personal data may be enumerated as follows: Using them in any kinds of products and services within the scope of our obligations arising from the legislation that our Bank is subject to, especially Banking Law, Commercial Code, Capital Markets Law, Law on Dissemination of Use of Tax Identification Number, Tax Procedure Law, Bank Cards and Credit Cards Law, Law on Prevention of Laundering Crime Revenues, Payment and Securities Reconciliation Systems, Law on Payment Services and Electronic Money Institutions; recording identity, address, and other necessary information for identifying the information about the owner of the transaction; drawing up all records and documents that would be basis of transaction; abiding by the obligations of information storage, reporting, and briefing required by the legislation and public authorities; being able to provide demanded products and services as well as fulfilling the contract you execute.

Sharing Your Personal Data

The persons and institutions to which the personal data can be transferred / are transferred, for the purposes stated above, to the extent permitted by the legislation and required by our business processes are the public authorities that are authorized by law to request customer information from banks,  the financial institutions, insurance companies, and other third parties that are regulated in Article 73/4 of the Banking Law, the public legal entities and institutions such as BRSA, CMB, TRCB, FCIB, BAT, BAT Risk Center, our domestic and overseas branches and subsidiaries; the third parties from which we receive service to carry out our banking activities, institutions with which cooperation is made, financial institutions like program partners.

In addition, the personal data may be shared with public institutions and other organizations due to legal obligations, as per the legislation, and may be the subject of legal reporting. In this context, sharing your personal data with official administrative authorities such as Central Registry Agency Inc., Financial Crimes Investigation Board, Ministry of Finance, Credit Registration Bureau, T.R. Central Bank, as may be requested, shall be subject to exemption, as provided for in the Law.

Storing of Your Personal Data

Your personal data may be kept for periods required by their processing objectives. If there is no other justification or legal reason, no international law or regulation, and if the obligations arising from contracts are discharged, your personal data, processing objectives of which are no longer exist, are deleted, destroyed, or rendered anonym.

Rights of the Person, Personal Data of Whom is Processed

You may use the following rights associated with processing of your personal data, through a request you are to make from your bank. Requests submitted within this scope shall be concluded by our Bank free of charge latest within thirty days. However, if a fee is envisaged by the Personal Data Protection Board, our Bank shall receive the fee indicated in the specified tariff. In this context, as the owner of the personal data you have the following rights;

  • To learn whether your personal data has been processed,
  • If your personal data has been processed, to request information in this regard,
  • To know the purpose of processing of your personal data as well as whether they are used in compliance with its purpose,
  • To know the third parties to whom your personal data is transferred within and outside the country,
  • To request correction of your personal data if they are incomplete or processed wrongly,
  • To request deletion or erasure of your personal data,
  • In the case that your personal data has been corrected, deleted, or erased, to request notification of these operations to the third parties to whom your personal data was transferred,
  • To object to the emergence of a result against you due to analysis of your processed data exclusively by means of the automated systems,
  • To claim compensation of your damages in case you incur damages due to illegal processing of your personal data,

You may convey your rights with respect to your personal data under the law numbered 6698 to our nearest branch personally by hand, or via a notary, along with documents certifying your identity and your petition containing your claim, to the address of ziraatbank@hs01.kep.tr by using secure electronic signature, mobile signature, or your e-mail address that was priorly notified to our Bank and is registered at our system.

Applications in this context shall be accepted upon verification of identity to be conducted by us, and response shall be given to the concerned persons in writing or electronically within the legal periods.