1. The Data Controller
As Anadolubank Anonim Şirketi (“Anadolubank” or “Our Bank”), we show the necessary sensitivity regarding the security and confidentiality of your personal data and your sensitive personal data. This disclosure text which was prepared within the framework of the Communiqué On Principles And Procedures To Be Followed In Fulfillment of the Obligation to Inform and as the "Data Controller", which we assumed within the framework of Article 10 of the Law on the Protection of Personal Data No. 6698 ("Law"), aims to provide you with information regarding your personal data.
With this Disclosure Text, we provide information about what the personal data processed by our Bank means, the purposes of processing and transferring your data, the reasons for compliance with the regulation under the Law No. 6698, the methods of collecting your data, the measures taken to protect your data, as well as the retention period of your personal data.
2. The Nature of Your Personal Data Processed
Although it may vary according to the products and services offered or activities carried out; our Bank processes the following general and special personal data in order for our Bank to provide its services to you in the best way possible;
• Your Data on Your Identity (Although considered as special personal data, information on your religion, health, and visual appearance may happen to be included in your identification documents, which may indirectly come from a photocopy of your identity card and/or a photocopy of your driver's license. In the processes where it is legally mandatory to take the photocopy of your ID, no additional processing is carried out by our Bank concerning the information considered as special personal data on our systems, such as your blood type, information about your religion, and your photo found in your ID, hence your physical appearance. Although the image appearing on your ID document is included in the system, necessary efforts are carried out in our systems to blackout your special personal data appearing on the photocopy of your ID.)
• Your Contact Information
• Data on Your Education, Work, and Professional Life
• Data on Your Family Status
• Data on Your Location
• Data Regarding Your Financial Transactions at Our Bank
• Data on Financial Products You Hold, Your Financial Status, and Assets
• Data on Your Digital Media Usage
• Data on Your Risk Management and Financial Security Affairs
• Your Visual and Audio Records Taken for the Security of Bank Premises and Transaction Security
• Data on Your Transaction Security and Cyber Security of the Bank
• Data on Your Requests/Complaints
• Data on Your Legal Transactions
• Your Signature
• Data on Your Health
3. Legal Grounds and Reasons for Processing Your Personal Data
Your personal data and your special personal data listed in Article 2 are processed in connection with the following legal grounds and reasons, in a limited and measured manner, and in accordance with the principles set forth in Article 4 of the Law on the Protection of the Personal Data.
Your data is processed, when;
Based on the legal grounds that the Bank, as a data controller, is required to fulfill its legal obligations and that this condition is clearly stipulated in the laws, relevant legislation, and administrative authority decisions, for the purpose of;
• Ensuring that the data is accurate and up-to-date,
• Assuring that the Bank's activities are carried out in accordance with the relevant legislation,
• Giving information to authorized persons or organizations as stipulated in the legislation,
• Preventing financial fraud, money laundering, financing of terrorism, and related criminal attempts targeting service channels and customer assets, as well as fraudulent transactions from other banks by using the information of the defrauded customers, following up of the fraudulent transactions by our Bank, and sharing data with other institutions and organizations for this purpose,
• Keeping internet network access records of our Bank in accordance with Law No. 5651,
• Fulfilling the Bank's operational risk and financial risk processes,
• Fulfilling the risk management processes related to the products or services offered,
• Identifying risk groups within the framework specified in the Banking Law,
• Performing necessary operational activities regarding unethical behavior or misconduct cases related to employees,
• Planning or executing the Bank's audit and ethics activities,
• Carrying out internal audit/internal control/investigation/ethics activities ex officio or upon complaint,
• Fulfilling risk, audit, and operational activities carried out with subsidiaries within the framework specified in the Banking Law,
• Planning, auditing or execution of information security processes,
• Creating or managing the information technology infrastructure,
• Planning and execution of employees' access to information,
• Following-up of finance, invoice or accounting affairs,
• Credit monitoring (payment transactions tracking),
• Planning or executing information access authorizations of business partners or suppliers,
• Ensuring the security of the Bank's systems and operations,
• Ensuring the security of the Bank's premises and facilities.
Also, when;
Based on the legal grounds that the processing of your personal data is necessary due to the fact that it is directly related to the drawing up or execution of a contract, and on the legal grounds that it is necessary for the data controller to fulfill its legal obligations, your data is processed for the purpose of;
• Following up on contract processes and legal demands,
• Providing customer relationship management,
• Planning and execution of the processes of providing the customers with tools or information suitable for the channels that the customers will use in accessing or using the products or services,
• Creation and following up on application processes for products or services,
• Establishing and monitoring the allocation or evaluation processes of products or services,
• Creation and follow-up of the processes for the use of products or services,
• Mutual reconciliation and payments of domestic and international credit card, POS, and ATM transactions,
• Management of relationships with support service providers, business partners or suppliers,
• Creation and execution of the loan application processes,
• Creation and execution of the credit evaluation and allocation processes,
• Creation and execution of the loan disbursement processes,
• Carrying out the customer's insurance processes,
• Performing after-sales support services activities,
• Planning and execution of purchasing processes,
• Planning and execution of supply chain management processes,
• Planning and executing the processes related to the products and services offered by the Bank's subsidiaries/collaborators/intermediaries and agencies or by the Bank,
• Planning and executing sales activities of products or services offered by our Bank's subsidiaries, to the extent permitted by the legislation.
Also, when;
In the capacity of the Bank as the Data Controller, on the basis of legal grounds that data processing is mandatory for its legitimate interests, provided that it does not harm your fundamental rights and freedoms, your personal data is processed for the purpose of;
• Ensuring the security of the Bank's facilities and fixtures,
• Creating records for tracking the entry and exits of the visitors,
• Planning and execution of market research activities,
• Realizing social responsibility and non-governmental activities,
• Carrying out sponsorship activities,
• Planning business activities and performing efficiency/productivity analyses,
• Making plans, profiling, and creating segmentation for the products and services to be offered in a better manner,
• Preparing in-bank reports and analyses, as well as measuring and evaluating sales performances,
• Ensuring business continuity,
• Realizing corporate communication and corporate governance activities,
• Performing logistics activities,
• Execution of operation or efficiency processes,
• Realization of projects in line with the objectives of the bank,
• Managing relations with business partners and suppliers,
• Execution of strategic planning activities,
• Making or executing budget studies,
• Management and control of relations with affiliates,
• Planning and execution of emergency processes.
Also, when;
Data processing is mandatory for the establishment, exercise or protection of a right, based on legal grounds, your personal data is processed for the purpose of;
• Concluding/following up customer requests and/or customer complaints,
• Follow-up of legal processes.
On the other hand, if you have given your express consent, your personal data is processed for the purpose of;
• Executing marketing activities related to banking, finance, investment, or insurance products or services,
• Planning or executing cross-selling activities related to the products offered by our Bank,
• Planning and executing activities aimed at promoting and increasing the use of the products and services offered with the institutions that the Bank is subsidiary/cooperating with/mediating and acting as an agency,
• Planning and execution of the marketing activities of the products and services of the institutions of the Bank's subsidiaries/collaborators/intermediaries, and agencies,
• Planning or performing activities for customer satisfaction,
• Carrying out personalized marketing or promotional activities,
• Processing of the data on disability status, for the performance of our official service obligations towards our disabled customers,
• Processing of the health data, for transactions in accordance with the Regulation on Accessibility of Banking Services to be carried out and/or for the insurance policies to be created by our Bank if you purchase insurance services from our Bank as an Insurance Agency,
• Conducting data analytics studies for marketing purposes,
• Execution of the processes of creating or increasing loyalty to the products and services offered by our Bank,
• Designing or executing marketing and promotion/advertising activities in digital or other media,
• Processing association membership information for the membership fees/subscriptions of the association to be paid or for any banking transaction indicating the membership of the association to be carried out,
• Realization of campaigns or promotional activities.
Your special personal data are only processed if you have given your express consent or if it is expressly stipulated in the laws that our Bank is subject to.
4. Transferal of Your Personal Data
We share your personal data with the following, for the purposes described in Article 3 of this Disclosure Text, based on the reason that they are required to be transferred and limited for this reason only;
Within the scope of the law and related regulations; with supervisory and regulatory Public Institutions and Organizations, with independent auditors, with domestic and foreign banks, with insurance companies and agencies, with companies providing mortgage services, with asset management companies, with third parties, including lawyers, from whom we receive consultancy services, with other companies from which we receive support services within the scope of banking legislation, with Anadolubank's subsidiaries, group companies or judicial authorities, with service providers we have contracted with, with companies from which we receive support services, with business partner, with international credit card associations and organizations with which member business place agreements are drawn, and with third parties and institutions, including banks and financial institutions residing abroad or in Turkey, for the execution of all kinds of money transfers to domestic or foreign accounts, foreign trade transactions, and transactions related to these transactions, including transactions made through banks and/or the Swift system, in case if there is at least one of the following legal reasons is present:
• Having your express consent,
• Fulfilling our rights or obligations specified in laws or regulations, communiqués, administrative authority decisions, and other relevant secondary legislation,
• When the data transfer is necessary, provided that it is directly related to the establishment or execution of the contracts concluded with our Bank,
• When the data transfer is mandatory for the establishment, exercise, or protection of a right,
• When the data transfer is mandatory for the legitimate interest of our Bank, provided that it does not harm your fundamental rights and freedoms.
However, we share your sensitive personal data only if you have given your express consent or if it is expressly stipulated in the laws that our Bank is subject to.
The transfer of your personal data abroad is subject to your express consent. However, we transfer your data abroad provided that at least one of the legal grounds for processing the data listed above is met, the party to which the data will be transferred and our Bank both take the measures specified in the legislation, and the transfer is approved by the Personal Data Protection Authority, on the condition that it is only limited to the relevant legal grounds.
5. Method of and Legal Grounds for Collecting Your Personal Data
Your personal data can be collected by automatic or non-automatic means, in accordance with the basic principles stipulated in the Law, as required for the establishment and/or execution of the contract, for the reasons stipulated in the laws, legal obligations, legitimate interest of the data controller or protection of rights, with the methods listed below.
Your personal data is collected in physical or electronic media, verbally or in writing, through the following channels, such as our Headquarters, Branches, call centers, ATMs, internet branches, Institutions and Organizations authorized in accordance with the relevant legislation, contracted institutions and companies, institutions and companies with whom we established business partnerships, companies that we carry out activities as their intermediary/agency, social media channels, SMSs, in meetings held with customers, mobile applications, member businesses, Anadolubank's software and applications, and cargo companies.
6. Period of Processing and Retention of Your Personal Data
Your personal data is processed as long as the contract in force between you and our Bank is not terminated.
After the expiry of this period, your data will continue to be processed or stored if there is any legislative provision, the Banking Law being the first and foremost, that allows or obliges the processing of the relevant data for a longer period of time, or if there are any legal grounds for data processing is present. At the end of these periods, your personal data will be deleted, destroyed, or anonymized.
7. Measures Taken to Protect Your Personal Data
Our Bank takes the highest level of security measures possible for the purpose of processing, storing, transferring, and protecting your personal data, in accordance with the relevant Law.
8. Your Rights Regarding the Protection of Your Personal Data
Within the scope of the Law on Protection of Personal Data No. 6698, you have the following rights;
• Knowing whether your personal data is processed or not,
• If your personal data have already been processed, requesting information regarding that,
• Knowing the purpose of processing your personal data and whether your data is used according to the intended purpose or not,
• Learning the identities of the third parties at home or abroad to whom your personal data is transferred,
• In case your personal data is processed incompletely or incorrectly, requesting their correction,
• Requesting your personal data to be deleted or destroyed,
• In case your personal data is processed incompletely or incorrectly, requesting the third parties to whom your personal data has been transferred to be notified, regarding actions carried out for their correction and/or for their deletion or destruction,
• Objecting, in case an outcome against you arises as a result of the processing of your personal data by analyzing it exclusively through automated systems,
• In case you suffer any damages due to unlawful processing of your personal data, requesting the compensation of the damage.
Within the scope of the law, you can submit your petitions regarding your personal data as follows;
• With a writing signed with a secure electronic signature, sent from the registered e-mail (REM) address of the data owner to anadolubank@hs02.kep.tr address,
• Via a notary public, to the Personal Data Management Department of Anadolubank A.Ş. General Directorate located at Saray Mahallesi, Toya Sokak, No:3 Ümraniye/Istanbul, in writing, or;
• By applying to our branches with documents ascertaining your identity.
Our Bank will finalize petition applications within 30 (thirty) days at the latest, depending on the nature of the request, in accordance with Article 13 of the Law. If the transaction brings cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board. If the request is rejected, the justification of the reason(s) for the rejection will be sent in writing or electronically.
For the purpose of responding to the applications, our Bank may request additional information and documents to verify your identity as well as to clarify your request. If the said information and documents are not shared, your application may not be answered in order to ensure the security of your data.
In accordance with the relevant article of the Communique on the Procedures and Principles of Application to Data Controller dated 10 March 2018, applications are accepted in Turkish language only.
