1. Purpose and Scope
This Data Privacy Notice Regarding Personal Data Processing (“Privacy Notice”) has been prepared in accordance with the Law on Protection of Personal Data (LPPD) numbered 6698 in order to inform you on your personal data processed by DenizBank A.Ş., methods of collecting your personal data, legal basis and purpose of processing your personal data, persons/institutions where your personal data are transferred to, purpose of transfer and the rights of the natural persons whose personal data are processed.
As DenizBank A.Ş. we act as the Data Controller as per LPPD and take necessary measures on processing and keeping your personal data.
The table below shows information on our Bank that processes your personal data.
Title DENİZBANK A.Ş.
Address Büyükdere Cad. No:141 Esentepe 34394 Şişli / İSTANBUL
Central Registry System / Registry No. 0292-0084-4960-0341 / 368587
This Data Privacy Notice is applicable to the following real persons:
Current and potential customers ("Customers”): Certain sections of the Privacy Notice may be applicable to only certain Bank customers with certain accounts and products. Such cases are explicitly explained under this Privacy Notice.
Persons who are not our customers: Persons who are not our customers refer to any person who transacts through our bank whether or not through an account, natural persons who are/will be party to any collateral allocated/to be allocated in favour of our bank (surety, guarantor, assignee/pledge debtor, spouses where sought by legislation for consent), natural persons who visit our bank website, head office or branch, natural persons who are shareholders, final real beneficiaries, Board members or representatives/authorized persons of any companies that are our customers, natural persons who carry out other transactions with our bank or our customers.
DenizBank Financial Services Group entities under this Notice refers to direct and indirect domestic and foreign subsidiaries of DenizBank and other shareholders including the shareholder together with their sister companies and subsidiaries.
2. Your Processed Personal Data
Your processed personal data are the data which are directly provided by you or the data which are indirectly provided from the relevant institutions and organizations due to your transactions. Your personal data processed by our bank are listed below on the basis of data categories:
Personal information (such as your name, surname, your mother’s maiden name, your birth date and place, your marital status, your passport information, license information or identity card number or other identification information),
Contact information (such as telephone number, e-mail address, residence address, workplace address or cell phone number),
Biometric data (such as your biometric photo or image processed during your call with our call center to become a customer for remote authentication purposes),
Transaction details (such as payments made or received by you, information on your banking transactions, customer transactions or legal proceedings, call center records, invoice, bill and cheque information, receipt information, shopping history, surveys, cookie logs, information gained through promos, etc.),
Financial information (such as bank account number, credit card or debit card number, financial history, balance sheet data, financial performance data, credit and risk information, wealth information)
Information required for realizing your collections or payments (such as invoice subscriber number, identity card number, tax identity number, license plate number, tax accrual number),
Your demographical information (such as job-profession, education level, income level (payroll or income statement)) - (The data processed by the bank within the scope of know your customer and authentication liabilities),
Your health data (processed when you purchase health / life insurance and / or private pension products), disability information, devices or prosthesis on your body,
Information about other DenizBank products and services and DenizBank credit cards that you currently hold, have applied for or had in the past
To the extent permitted by law, visual and audio records and camera footage of your telephone or video calls or your conversations at our branches/offices.
If you do not provide the personal data that we have specified to you as mandatory (that is, you must provide such data), this means that we cannot provide you with the service you have requested or fulfill all our liabilities against you.
Furthermore, we also obtain personal data about you from other sources. The data we obtain indirectly includes the following:
Your advertisement identity information which we obtain through contracted hardware and software services or when you visit our websites through browsers or information on how you use our website or mobile applications which we obtain through cookies, information on the pages you visit in these fields, your online behavior and preferences (Your sensitive data is not shared with third parties and institutions.)
Data we obtain when you contact us (for example, via social media),
During your use of our Bank's digital media such as online banking, in order to ensure your transaction security: your location, the IP address to which your device is connected, your online banking login and logout information, the type of device you use, operating system type, your password,
Information about how you use your accounts, which includes: the date, amount, currency of payments you make or receive, and who you pay or receive payment from (for example, retailers or others), etc.
Information about whether you use the products and services you have purchased from our bank,
Marketing information, for example; information on shopping history, surveys, cookie logs, information obtained via promos,
Information in correspondence with judicial authorities, information in court files.
3. Methods of Collecting Your Personal Data
We collect, use, share and keep your information in order to provide you with the products and services you requested from us and share information on services that may attract you.
Your personal data may be obtained through the following methods:
(i) Methods of Collecting Your Personal Data From You;
With non-automated methods:
When you visit our head office units, branches, kiosks (for instance, your camera records are logged through CCTVs when you visit our branches, regional offices and head office for security reasons) or use our telephone services,
When you apply for our products and services,
When you make transactions through our bank's branches and channels in order to make your collections and payments,
When you write to us (registered e-mails, electronic notifications, electronic mail, postal, fax, short messages, social media methods and other written or audio channels),
When you participate in our Bank’s contests or promos,
By managing your accounts (we may receive information such as the date, amount and currency of payments made to your account); and
When you inform us any time including those via social media channels.
With semi-automated methods;
When you download any of our mobile applications or use our kiosks, ATM’s or websites or digital services - In such cases, we may collect data about you such as your IP address, the device or software you are using or how you access these services or how you use them (We may also have other requests or we may provide you more details about how we use such data; for instance, we may ask you your location in order to find the available services around you).
(ii) Methods of Collecting Your Personal Data From Third Parties;
We can collect your personal information through the below entities and institutions or persons via partially automated methods:
Turkish Banks Association Risk Centre, or companies established by at least five banks or financial institutions as well as institutions that combat laundering proceeds of crime, financing of terrorism, corruption, bribery, fraud; private and public institutions that provide information from public or private databases – (ID Sharing System, Address Sharing System, Centralized Registry System, National Judicial Network IT System, Revenue Administration, Trade Registry Office Records, Title Deed Registry Systems, Credit Bureau, Interbank Card Centre, WorldCheck, Swift KYC, Bankers Almanac, Orbis, etc.)
Institutions that help us improve your personal data and enable us to offer you more relevant and attractive products and services
Merchants and POS devices
Ministry of Treasury and Finance of the Republic of Turkey, Directorate General of Highways, Turkish Post (PTT), invoice production companies and persons and institutions you interact with for your payments/collections
International money transfer intermediators like SWIFT
Parties that the bank receives complementary or extended services such as fax, post, cargo or courier, contracted companies and support services and outsource companies and dealerships and sales offices
Other banks and financial institutions (for instance, when you want to see their accounts in our platforms or when we query wrong payments)
Publicly available data such as media news and online records or directories
We can collect your personal information through the below entities and institutions or persons via non-automated methods:
Unions and associations such as trade and artisan chambers
Joint account holders
Persons assigned to act on your behalf
Companies you own or you are associated with – investment companies, partnerships or business partnerships along with their directors, shareholders, trustees, authorised persons or proxies
Employers
Social Security Institution
Companies whose activities we carry out with the capacity of intermediary and agency
If you give us personal data about other people (such as your family or joint account holders), or you ask us to share their personal data with third parties, you confirm that you have informed them about this Notice as to how we will use their personal data and that they understand the information in this Notice.
4. What we use your personal data for and the legal basis for doing so
We must have a legal basis (lawful reason) to process your personal data. In scope of the LPPD, when we process your personal data, we need to fulfil at least one legal basis defined for processing. We have several legal bases for the activities we carry out. Those legal bases and our purpose of processing your personal data have been explained in the table below.
Purpose of processing your personal data Legal grounds
Primarily for banking services, capital market transactions, investment products, cash management services, foreign trade services, loan procurement services, insurance, pension and other agency services and intermediary services; to offer you all our services as per transactions given under article 4 of Banking Law numbered 5411 and those in relation to banking, investment, insurance and finance products, fulfil open banking services and all transactions therein, to carry out, improve and execute operational process and also for the execution of agreements we enter into with third parties in order to offer you these products and services As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
It is in our legitimate interests to make sure that our customers are provided with a high standard of service, our customer accounts are well managed and to protect our business interests and interests of our customers.
To contact you about our products or services or about legal or legislative issues as well as about purposes of providing services As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
To manage all complaints and requests including customer relations, experience, satisfaction, complaint, objection, request and proposal along with follow up and execution of legal processes required As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations
As per article 5/2(e) of LPPD; Data processing is mandatory to establish, exercise or protect a right.
As per article 5/2 (f)* of LPPD,
It is in our legitimate interests to make sure that complaints are investigated. (So that our customers receive a high standard of service and we can prevent complaints from arising in the future.)
To check your instructions to us, to analyse, assess and improve our services, and for training and quality purposes (We may monitor or record any communications between you and us, including phone calls, for these purposes.) As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to check the orders you place at our bank, to prevent and detect fraud and other crimes, analyse, assess, improve our services to our customers, to do these for training purposes and improve the services offered to customer.
To check national and international lists as per legislation on the Prevention of Laundering Proceeds of Crime and Financing of Terrorism along with the Prevention of Weapons of Mass Destruction that our Bank is subject to, to fulfil know-your customer principle by identification, recording information such as occupation, income status and purpose of transaction to detect and confirm ID and addresses, execute compliance processes as per foreign legislation As per article 5/2(a) of LPPD; It is expressly envisaged in the laws As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to verify your ID in order to detect, prevent and analyse fraud, laundering proceeds of crime, terrorism financing and other crimes and protect our Bank.
To offer our products and services in scope of capital market activities including banking, insurance, pension, finance and investment along with products and services of other companies of DFSG or institutions we collaborate with, intermediate for or act as agency, to contact you, make offers, carry out promotion, marketing, cross sell and campaign activities and design tailored marketing and promotion activities for you Having your explicit consent as per article 5(1) of LPPD
To use the data to provide better services for you, calculate product and service priority and determine points of service (for instance, use of Q-matics) It is in our legitimate interest for our customers to receive high standard services as per article 5/2 (f)* of LPPD.
To make debt collection and exercise our other rights as per any agreements we enter into with you; also to protect ourselves against possible damages to our property rights and interests As per article 5/2(a) of LPPD; It is expressly envisaged in the laws As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to make sure we can recover the debts owned to us, as well as making sure our assets are protected.
To offer services related to insurance, investment and finance products the bank intermediates for as agency and insurance products it offers with the capacity of pledge and creditor and/or fulfil services in relation to these As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to offer you insurance products and receive price quotes on these products.
To respond to your payment order initiation and account information service requests for your accounts at other payment service providers or to offer account information and payment initiation service for your accounts at our bank (if you request information from us that a third party provider needs)
When information is requested on account movements by account holder customers at our bank and/or intermediaries they authorize with whom you have collection or payment relations via products such as money transfer, cheque, bill payment (for instance, your data (such as ID number/tax number) are indirectly sent to the counterparty through our account movement integration product) As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
To prevent and detect fraud, laundering of proceeds of crime, terrorism financing and other crimes (identity theft etc.) through planning, auditing or executing information security processes and ensuring the security of locations such as bank branches and ATMs along with bank systems and operations (for instance, we can use CCTV systems to monitor and/or collect visuals or audio records (or both) outside our office buildings or perimeters) As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to check your ID and comply with the applicable laws in order to protect our organization by preventing and investigating fraud, laundering of proceeds of crime, terrorism financing and other crimes.
To comply with currently enforced laws and regulations and collaborate with regulatory authorities and police department (to fulfil obligations arising from Banking Law, Debit Cards And Credit Cards Law, Laws And Regulations On Payment And Securities Reconciliation Systems, Payment Services And Electronic Money Institutions and legislation our bank is subject to and to keep to legislation on AML and Preventing Terrorism Financing besides domestic and international legislation) to utilize the system (“İYS”) that enable to receive commercial electronic notification approvals as per Law on Regulation of Electronic Trade numbered 6563 and the underlying Regulation on Commercial Communication and Commercial Electronic Notifications, to exercise right to refuse and manage complaint processes,
To comply with information safekeeping, reporting and notification obligations foreseen by the Banking Regulation and Supervision Agency, Capital Markets Board of Turkey, The Central Bank of the Republic of Türkiye) MASAK (Financial Crimes Investigation Board), Banks Association of Türkiye, KOSGEB, Revenue Administration, Under-secretariat of Treasury, Social Security Institution, Central Registry Agency, Turkish Ministry of Treasury and Finance, Credit Bureau, Risk Centre, TBB and other authorities,
To fulfil our identification and access obligations regulated under Regulation on Bank Information Systems and Electronic Banking Services As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to protect our organization.
To evaluate and analyse data by assessing and analysing data including credits, behaviour scoring, market research, survey and statistics studies to identify and improve the products and services to be offered to you Having your explicit consent as per article 5(1) of LPPD
To make the marketing messages/ads you receive to be more relevant and attractive to you and to perform advertising and marketing follow up and improve your experience on our mobile applications and website Having your explicit consent for sending marketing messages as per article 5(1) of LPPD.
As per article 5/2 (f)* of LPPD, it is in our legitimate interests to provide information that is more relevant to customers' circumstances.
Keeping traffic information log as per the Law on Regulating Online Publications and Combating Crimes Through these Publications numbered 5651 (“the Law”) in case internet access is used; to record and audit communication, correspondence and transactions As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 42 of Banking Law numbered 5411 and in accordance with article 17 of Regulation on Terms and Conditions of Accounting Principles of Banks and Safekeeping of Documents and based on other legislation the bank is bound by; for arranging and safekeeping all electronic (SWIFT, internet/mobile banking, head office units, branches, kiosks, ATMs, internet branch, call centre and all other similar channels) and paper records and documents associated with transactions based on the legal obligation of our bank to keep them for 10 years As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
To carry out the support services given as per the permission of BRSA on extending services and the risk, audit and operational services conducted with subsidiaries in accordance with Banking Law and other legislation for planning relations or risk management with shareholders along with preparing consolidated financial statements for main shareholders as per article 73/4 of Banking Law As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
For appraisal studies to be made by potential buyers for the purpose of 10% or more of shares in capital which are acquired directly or indirectly as per article 73/4 of Banking Law or for valuation studies to be made for assets including credits or asset backed securities As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
For appraisal, rating and independent audit activities as per article 73/4 of Banking Law As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
Even if you are not our customer, to determine the credit limits that can be lent to a risk group as per the banking legislation, your personal data can be processed to identify the risk group which you will be included in, to determine, monitor, report and control the credit limit to be lent (Article 49 of the Banking Law explains identification of risk groups. In addition to this, other real persons and legal entities to be involved in the scope of risk group are determined by Turkish Banking Regulation and Supervision Agency.) As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to protect our organization.
To notify the closest branch/ATM to your location through our website or other applications upon your request; to notify weather forecast for your location, video calls you make with agents to answer questions or carry out transactions or to develop and offer you new technologies like voice activated chatbot As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(e) of LPPD; Data processing is mandatory to establish, exercise or protect a right.
As per article 5/2 (f)* of LPPD,
it is in our legitimate interest to sustain our competitive edge besides improving and developing our products and services in order to continue offering these products and services to customers.
To contact you through mail, phone, SMS, e-mail, ATM and other digital methods.
The purpose may be the following:
To help you manage your accounts, get your instructions and document approvals
To fulfill our legal liabilities,
To provide you with bank statements and other information regarding your account or our relationship with you
To inform you on products and services you own and to send you information on products, services, awards, offers, promotions and competitions that may be of interest.
As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to share information with you on products and services that could be relevant or beneficial to you.
Having your explicit consent to inform you on products and services you own and to send you information on products, services, awards, offers, promotions as per article 5/1 of LPPD
When we send you marketing messages, you can inform us at any time that you no longer want to receive them.
After the restructuring, sale or purchasing of any DFSG companies or debts; to transfer your information to the organization to where your account is/will be transferred or to share these with that organization As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations
As per article 5/2 (f)* of LPPD, it is in our legitimate interest for any part of our organization or any DenizBank debt to be restructured or sold.
As per article 5 of Regulation on Compliance Program towards Obligations on Preventing Laundering Proceeds of Crime and Financing of Terrorism; to ensure that the compliance program of DenizBank Financial Services Group is applied across the financial group and to share information on know-your-customer, account and transactions within the group, As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to verify your ID in order to detect, prevent and analyse fraud, laundering proceeds of crime, terrorism financing and other crimes and protect our institution.
To share your information with Turkish or other related tax authorities, Banks Association of Turkey Risk Centre and companies founded by at least five banks or financial institutions, companies that combat fraud, regulatory bodies and authorities in Türkiye As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to make certain credit controls to take responsible commercial decisions. As a responsible organization, we need to ensure that we only offer appropriate products and services for individuals and that we continue to manage our services.
It is in our legitimate interest to help prevent and detect fraud and other crimes.
It is in our legitimate interest to help domestic and foreign regulatory authorities to ensure banks keep with laws and regulations.
For the management, planning and execution of relations and processes with support/outsource service providers, business partners or suppliers As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to use other organizations for them to offer services on our behalf.
For planning or execution of internal systems, IT, operations, audit, internal control, risk monitoring, risk management, ethics and financial risk processes of our bank As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
To carry out a transaction if you are a representatives/authorised person for any natural or other person to transact with or without a bank account As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
When any commercial customer requests a loan and/or investment or product; to assess the loan history, credibility and loan conditions of the owner, partner and manager of the natural person commercial customer in order to assess the request As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, İt is in our legitimate interest to make sure our Bank and assets are prudently protected.
To assess loans and collaterals, research intelligence and information and manage loan sales, allocation, lending, follow up and monitoring processes As per article 5/2(a) of LPPD; It is expressly envisaged in the laws
As per article 5/2(c) of LPPD; Processing of personal data belonging to the parties to the agreement is required, on condition that it is directly related to the establishment or performance of such agreement.
As per article 5/2(ç) of LPPD; It is mandatory for the data controller to fulfil its legal obligations.
As per article 5/2 (f)* of LPPD, it is in our legitimate interest to make sure our bank assets are protected.
*We carry out data processing activities on condition that we do not harm your fundamental rights and freedoms, as long as there is a compulsory legal reason to process the data as the data controller, as per article 5/2 (f) of LPPD.
Sensitive Personal Data
Data of persons concerning their race, ethnicity, political belief, philosophical belief, religion, sect or other beliefs, costume, foundation, association or union affiliation, health status, sexual life, conviction and security measures as well as biometric and genetic data.
We may process your sensitive personal data in the following cases:
Purpose of processing your sensitive personal data Legal grounds
We may use your biometric data for some of the purposes outlined in the previous table. If you apply to become our customer through remote identification, we will process your biometric data during the video call only if we obtain your explicit consent in accordance with Article 6 (2) of the LPPD.
Pursuant to article 6 (3) of the LPPD, we will process your biometric data without seeking your explicit consent only in cases stipulated by law.
We may use your health data for some of the purposes specified in the above table (for instance, to offer you insurance products or price quotes, to select special conditions such as Braille alphabet for account statements when system developments are made, to prepare an insurance policy draft when you buy health/life insurance and/or private pension products (and/or if needed as collateral for a loan that is allocated)) We will process your health data, if we receive your explicit consent as per article 6 (2) of LPPD.
To comply with the laws and regulations that we are subject to and co-operate with regulators and law enforcement organisations. (For example, since we are legally obliged to keep a copy of your identity card, all your data in your identity card may be processed.) It is stipulated by law as per article 6(3) of LPPD.
5. Who we will share your personal data with and For What Purposes
Your personal data is shared with the below parties, for the below reasons:
DenizBank Financial Services Group Entities.
Your personal data may be processed as per conditions set forth in article 9 on transfer of personal data abroad and article 8 on transferring personal data under LPPD in order to be used in consolidated financial statement preparations, risk management and assessment studies and registered in central information system of our shareholder for internal audit practices as per article 73/4 of banking law; to disseminate the compliance program of DFSG as per article 5 of Regulation on Compliance Program for Obligations to Prevent Laundering Proceeds of Crime and Terrorism Financing across the financial group as well as to know-the-customer and share information on accounts and transactions in the group and for support services realized as per extension permissions granted by the BRSA; by companies and persons within the company group our bank is included in, direct and indirect subsidiaries of our bank both domestic and abroad, main shareholder and other shareholders of our bank and their affiliates, employees, company officers, legal, financial and tax consultants and auditors.
You can access the title, country and address information of our bank's domestic and international affiliates, our main shareholder, holding companies and affiliates of our main shareholders and our risk group via the following link: https://www.denizbank.com/kvk/deniz-ve-destek-hizmeti-kuruluslari.aspx
With payment service providers and other agencies that help us process your payments, other financial institutions that are members of a payment program or are involved in the business of making payments required for certain types of payments; in order to provide the products and services you have received from us.
(card payment system companies that are established abroad or domestically and are included in Law numbered 6493 and other legislation including Europay INT.SA, Moneygram Group (Moneygram Payment Systems Inc. and Moneygram Turkey Ödeme Sistemleri A.Ş.), MasterCard INT.INC., Visa INC., JCB CO., LTD., Maestro, Electron)
Third Party Payment Providers. If there is need to confirm that the payment is made to the correct account, your data related to this purpose only can be shared with persons who paid into your account.
Other Banks and Financial Institutions and Merchants: If a payment is made to your account by mistake, details about you and the wrong payment can be shared with the sender banks to they can collect the said amount. Your Personal Data, which are required for electronic transfer messages regarding all kinds of money transfers to domestic and foreign accounts, including transactions to be made through banks and/or using the swift system, foreign trade transactions, sharing secure financial transaction messages; worldwide payment and credit transactions and electronic transactions, liquidation of domestic and international guarantee transactions and payment transactions and all other transactions connected with all these transactions, may be transferred to correspondent banks, international or domestic banks, merchants and financial institutions or processed for this purpose.
Independent third party service providers with whom you ask us to share data with (or third parties authorized to give orders on your behalf) (for instance service providers to initiate payments or provide account information). If we share your data with these third parties, we do not have any control on the use of them by these parties. You (or the authorized person to manage your account on your behalf) would have to settle directly with these third parties.
Companies to which you made payments through your DenizBank account and need our help to make the payment to your account at their organization (like companies that offer public services).
For instance, your personal data can be shared with Ministry of Treasury and Finance for your tax debt payments, with invoice production companies for invoice payments, with companies offering games of chance for lottery payments, with Directorate General for Highways, Turkish Post and private build/operate/transfer companies for bridge/toll payments, with persons and entities that you have relations with for your payments/collections.
Our service providers and agencies (including their sub-contractors). Your personal data can be shared with support services companies, contracted consultants, institutions, parties, suppliers, outsource providers, cloud service providers, mobile service providers authorized by IT and Communications Authority, attorneys, law offices, notaries, company auditors, independent audit, rating and appraisal companies and other professional consultants and contracted companies that complement our bank services or act as an extension.Your data can be shared with these persons and companies in order to design, develop and sustain internet based tools and applications; receive application or infrastructure (cloud) services; manage marketing activities or events and customer communication; prepare reports and statistics; confirm and detect contact information; printing materials and designing products; advertisements in applications and websites; receive legal, audit services or other specialized services; follow up and manage legal processes; audit our activities for legislative compliance; give postal services by our agencies; archive physical records; manage securitizations; offer or receive intermediary collection services.
Support Service Institutions can be classified categorically as archive services, information systems, operational services, call centre, marketing, collection management and security and you can reach them via https://www.denizbank.com/kvk/deniz-ve-destek-hizmeti-kuruluslari.aspx .
Your personal data can be shared with our business partners who offer services with, agencies and brokers who act on our behalf or who we provide products and services collectively such as insurance and intermediary, agency companies to fulfil our obligations arising from intermediary, agency activities. (for instance, hotel or airline business partners, business partners for card programs or those that have their name or logos on our credit cards or debit cards). Your data can be shared with other service providers and agencies that serve on behalf of our business partners.
Insurance providers including insurers, claims specialists and other related third parties. When you request an insurance claim, information you give to us or the insurer can be logged in records. This data can be shared with other insurers.
General Directorate of the National Lottery: Your personal data can be shared with the General Directorate of the National Lottery if you join any campaigns or raffles offered by our bank.
Public Bodies and Authorities: If we are legally obliged, your data will be shared with Banking Regulation and Supervision Agency, Personal Data Protection Authority/Board, Capital Markets Board, Central Bank of Republic of Türkiye, MASAK, Banks Association of Türkiye, KOSGEB, Revenue Administration, Under-secretariat of Treasury, Social Security Institution, Information Technologies and Communications Institution, ministries, judicial bodies, police, public prosecutors, courts and arbitration/intermediary organs that are legally authorized public or private bodies and persons indicated in article 73 of banking law.
Your personal data can be shared for the sale of our receivables or for valuation studies of our shares with third parties, possible buyers and asset management companies after any DenizBank Financial Services Group company or debt is restructured, sold or acquired.
Your personal data can be shared with anyone we transfer or assign (or may transfer and assign) our rights and obligations, as much as permitted by terms and conditions in any of your agreements signed with us.
Your personal data can be shared with the consultants you authorized to represent you (accountants, attorneys and other professionals) or any other person you indicate as authorized to place orders on your behalf and utilize accounts, products and services (e.g. with Power of attorney).
Your personal data can be shared with Turkish and foreign regulatory authorities, police department and authorized bodies in relation to combating crimes (directly or through third parties like the credit bureau) or for social and economic statistical research. Payment details may also be shared (including information on other parties’ party to the payment).
Institutions that combat fraud: If you give us wrong or false information, we will notify this to institutions that combat fraud at all times. This will enable other organizations (within and outside of Turkey) including the police department to use this information to prevent and detect fraud and other crimes.
Risk centre or companies established by at least five banks or financial institutions (Interbank Card Centre, Credit Bureau etc.) Your personal data can be shared to manage risk management and monitoring activities.
US and/or EU Corporations and Institutions: Your data on account numbers, ID information, address, scope of activity and all accounts, transactions and data can be transferred to and be processed by U.S Internal Revenue Service (IRS), European Capital Market Authority (ESMA) and/or all other US and/or EU institutions in scope of laws and regulations of United States of America (USA) Dodd Frank (Dodd Frank Wall Street Reform and Consumer Protection Act) and FATCA (Foreign Account Tax Compliance Act), ISDA (International Swaps and Derivatives Association) and European Union (EU) EMIR (European Market Infrastructure Regulation) and CRS (Common Reporting Standard) in case you are a US and/or EU real person or legal entity or you trade in US and/or EU markets or you are subject to the tax laws of US and/or EU or due to various legal requirements.Laws and regulations may oblige us to share your account information with tax authorities directly or through local tax offices. These tax offices, which we share the information with, may share the said information with other suitable tax authorities.
If you make any donations, your data can be shared with associations and foundations.
Your personal data can be shared with other third parties if you give explicit consent or upon your request.
Insured and Insurer: If you buy an insurance product within our Bank or our company group or through another company, your data can be shared with relevant insurance companies.
Details on how our insurance business partners will use your data (including the personal data you will directly give them) are given in the data privacy notices provided by insurance companies.
Domestic and international independent audit companies, rating agencies and specialized enterprises: Your data can be shared for audit, rating and credit restructuring processes and for executing assessments on the applicability of restructuring and detecting financial conditions.
If a loan you utilize from our bank is allocated to you through us indirectly from a foreign financial institution (EIB, EBRD, GGF, EFSE, IFC, EIF, AFD, Proparco; AIIB) or if funds that domestic financial institutions TKB, Turkish Eximbank, TSKB secure from abroad are allocated to you through us as an intermediating financial institution; your personal data can be shared with these financial institutions and the third parties to whom they are obliged to give information in order to carry out internal audit, internal control, risk management, risk monitoring, credit lending and credit restructuring activities.
6. Risk Centre of the Banks Association of Turkey
We conduct credit and ID controls about you together with the Risk Centre of the Banks Association of Turkey or companies established by at least five banks or financial institutions (Interbank Card Centre, Credit Bureau, etc.) as well as institutions combatting fraud. To do this, we provide the said entities with your personal data and they provide us with information about you.
In sub-paragraph h of article 3 of the Regulation on Risk Centre of the Banks Association of Turkey, Risk Centre has been defined as the centre not having a separate legal personality, established as part of the Banks Association of Turkey, in order to gather risk information about customers of crediting institutions and other financial institutions to be deemed fit by the Board, and to share such information with the said institutions and with natural persons or legal entities themselves or subject to prior consent, as stipulated in the Law numbered 6111 and Supplementary Article 1 of the Banking Law.
Article 9 of the Regulation on Risk Centre of the Banks Association of Turkey stipulates the scope, format and contents of information to be provided by members to the Risk Centre. We share your information stipulated in article 9 with the Risk Centre. From the Risk Centre, we receive your information stipulated in article 10 entitled “Sharing of Information Held by the Risk Centre with Members” of the same regulation.
Even if you are not our customer, to determine the credit limits that can be lent to a risk group as per the banking legislation, your personal data can be processed to identify the risk group which you will be included in, to determine, monitor, report and control the credit limit to be lent (Article 49 of the Banking Law explains identification of risk groups. Besides those, the Banking Regulation and Supervision Agency of the Republic of Turkey shall identify other natural and legal persons that will be included in the risk group).
7. Retention of Your Data
As per the article 42 of the Banking Law no. 5411 and provision 17 of the Article of Regulation on Terms and Procedures Regarding the Accounting Practices of the Banks and Retention of Documents, it is a legal obligation of our Bank to retain the information and documents regarding you for a period of ten years. In the event that you request that your personal data to be erased, your personal data shall be erased, destructed or anonymised at the end of a 10-year retention period, if you no longer receive services from our bank actively and all the conditions requiring processing of your data have disappeared.
8. Automated Processing
The way we analyse personal data relating to our services may involve profiling. This means that we may process your personal data using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may use profiling or other automated methods, to make decisions about you in the following cases:
Credit and solvency checks to see whether your application will be accepted
If automated processing is necessary for us to enter into a contract with you. (For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products, based on your credit history and other financial information we have collected about you),
To determine credit limits,
For controls related to prevention of laundering proceedings of crime, and checks related to financial sanctions,
To be informed about the purpose of account opening and purpose of the requested product and transaction, consider and accept the suitability of account opening request, for ID checks, customer due diligence and address controls,
Monitoring your account for fraud and other financial crime, either to prevent you committing fraud, or to prevent you becoming a victim of fraud,
Deciding whether an account is dormant (not used anymore) or not, to close if dormant,
If we have your explicit consent, to select customised offers, discounts or recommendations to send to you, based on various factors such as your credit history and how you use your accounts and products at our institution, by making an assessment on your credit and solvency,
To help you manage your financial situation by categorising your expenditures and presenting such information to you in different ways,
To help us determine our overall credit risk as a bank,
To help us specify product prices.
Pursuant to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and Law on Protection of Personal Data, you have rights related to automated decision making. As per article 11(g) of the Law on Protection of Personal Data, you may object to a consequence against you that occurs due to analysis of your personal data exclusively by automated systems. You can contact us to exercise this right.
9. Cookies
We may use cookies and similar technologies on our websites and applications as well as in our e-mails. Cookies are text files collecting small amounts of information stored in web browsers when you visit a website. You may access our cookies policy through the following link:
https://www.denizbank.com/hakkimizda/cerez-politikasi.aspx
10. Your Rights
Pursuant to article 11 of the Personal Data Protection Law, you have the following rights related to your personal data:
a) to learn whether your personal data are processed or not,
b) to request information if your personal data are processed,
c) to learn the purpose of your data processing and whether this data is used for intended purposes,
d) to know the third parties to whom your personal data is transferred at home or abroad,
e) to request correction if your personal data were processed incompletely or inaccurately and to request that third persons, to whom your personal data are transferred, get notified about the transactions carried out within this scope,
f) Despite being processed as per the provisions of the Law numbered 6698 and other relevant laws, in the event that reasons requiring the processing have disappeared, to request the erasure or destruction of your personal data and to request that third persons, to whom your personal data are transferred, get notified about the transactions carried out within this scope,
g) to object to the processing, exclusively by automatic means, of your personal data, which leads to an unfavourable consequence for you,
h) to request compensation for the damage arising from the unlawful processing of your personal data.
Pursuant to the Law numbered 6698 on Protection of Personal Data, you can exercise your rights related to your personal data by filling out the form by choosing the sub-headings “Complaint – Retail Banking – Report Personal Data Protection Law Complaints” available at the link https://www.denizbank.com/bilgi-limani/bildirimde-bulunacagim.aspx or through one of the channels below:
By applying in person to our Head Office located in Büyükdere Cad. No: 141 34394 Esentepe – ISTANBUL or any of our branches or via notary in writing,
By sending your application by e-mail to denizbank.haberlesme@hs04.kep.tr, using your registered e-mail address,
By sending an e-mail to oncemusteri@denizbank.com, using your personal e-mail address with secure electronic signature or mobile signature or the e-mail address you used to register our system,
By contacting our Bank’s Call Centre at 0850 222 0 800,
By using another method specified within the scope of the Communiqué on the Principles and Procedures for the Request to Data Controller.
Your application must include the following:
a) Your name, surname, and signature if your application is in writing,
b) (For Republic of Turkey citizens) Your Republic of Turkey ID Number, (for foreigners) your nationality, passport number or ID number, if any,
c) Your residential or work address that is the basis for the notification,
ç) Your e-mail address, telephone number, fax number, if any, that is the basis for such reporting,
d) Subject matter of the request.
Your request shall be finalised as soon as possible and within thirty (30) days at the latest, free of charge. If transactions pertaining to your request entail a separate cost, a fee may be charged from you as per the tariff stated by the Board.