Home Page About Us Privacy and Data Protection Information On The Protection Of Personal Data Law

About Us

Information On The Protection Of Personal Data Law

CLARIFICATION TEXT ON THE PROTECTION AND PROCESSING OF PERSONAL DATA OF TURKIYE VAKIFLAR BANKASI TURK ANONIM ORTAKLIGI

1. Purpose

Türkiye Vakıflar Bankası Türk Anonim Ortaklığı ("VakıfBank" or "the Bank") aims to process your personal data in compliance with the provisions of Law No. 6698 on the Personal Data Protection Law ("PDPL") and other relevant regulations.

We hereby inform you that your personal data that you have notified/will notify and/or obtained by our Bank externally through any means due to your utilization of the services offered by our Bank shall be;

within the framework of the purpose that requires the processing of your personal data and in connection with this purpose, in a limited and measured manner,
by maintaining the accuracy and the most up-to-date version of the personal data you have notified or as notified to our Bank,
recorded, stored, retained, reorganized, shared with the institutions authorized by law to request such personal data, transferred to domestic or foreign third parties under the conditions stipulated by the PPD Law, transferred, classified, and processed in other ways listed in the PPD Law and may be subject to other transactions listed in the PPD Law by our Bank in the capacity of "Data Supervisor".

2. Collection and Collection Procedure of Personal Data

Our bank will process your personal data for the purposes stated in this Information Notice. Any change in the purpose of processing your personal data will also require your consent. The personal data collected and used by our Bank are specifically as follows:

	Content of Personal Data
Identity Data	Documents such as driver's license, copy of identity card and passport containing information such as name-surname, Turkish ID number, tax ID number, nationality, mother's name-father's name, place of birth, date of birth, gender, and signature/ initials.
Communication Data	Data for communication such as telephone number, street address, e-mail address, residence address, workplace address, account statement sending address, etc.
Financial Data	Financial Data: Financial and salary details, monthly income information, debt information, account balance details, payrolls, housing status, interest rates, total asset value, family income information, EFT/Wire transfer details, foreign exchange transaction information, investment amount, tax office details, term/demand deposit account details, interest information, loan/credit card limit and balance information, and other financial data.
Sensitive Personal Data	Biometric Data: (fingerprint, retina, face, voice, etc.) Health report, blood type, Devices and prostheses used on the driver's license (photocopy of driver's license) Disability, invalidity and handicap status Blood group and religion on the identity card
Legal Action Data	Personal data processed within the scope of determination and follow-up of legal receivables and rights and fulfillment of debts and compliance with legal obligations and our Bank's policies, and file and debt information related to enforcement proceedings (information contained in documents such as court and administrative authority decisions).
Transaction Security Data	Personal data processed to ensure our technical, administrative, legal, and commercial security, as well as your security, while conducting commercial activities (information associated with transactions related to the individual and demonstrating the individual's authorization to carry out that transaction, such as a password, voice signature, IMEI number, authentication method, authentication code, browser type, username, fraud method, and any other data that may be collected based on fraud scenarios).
Location Data	Address information, transaction location information.
Professional Experience Data	Institution, duration of employment, type of insurance, sector of employment, title, level of education, total working time of the person concerned.
Personal Data	All kinds of personal data processed for obtaining information that will be the basis for the formation of the personal rights of real persons who are in a service relationship with our Bank (Identity information entered in the personal file, job application form, passport size photograph, education information, graduation information, diploma sample, profession, place of previous employment, resume information, private pension information).
Physical Space Safety Data	Personal data related to records and documents taken at the entrance to the physical space, during the stay in the physical space; camera recordings and records taken at the security point.
Customer Transaction Data	Account information, bank information, receiving bank information, affiliated regional directorate, cheque information, annual fee information, statement details, account transactions, EFT/transfer information, transaction details, card details and transactions, collection information, payment information, cash instructions, internet transaction information, branch information, interest usage details, loan usage details, policy information, swift transaction details, virtual pos information, collateral information.
Audio and Video Recording Data	Photographs and video recordings (excluding recordings covered by Physical Space Security Information), audio recordings (e.g. audio recordings of telephone conversations).
Other Data	Parents' names, information on military service, institution of employment, years of employment, education information, foreign language information, tax number and other tax details, intelligence and financial details, mortgage information, prohibited transactions, appraisal details, real estate office information, residence information, customer limit, sector, employee and representative information.

Your personal data is collected both before and after the establishment of the service relationship and throughout the continuation of the service relationship, through all kinds of information, documents and papers you have submitted to our Bank and obtained from third parties, the Bank's information processing system, camera records kept in all locations of the Bank.

Special Conditions for Processing Biometric Data for Remote Identity Verification Methods:

In accordance with Article 6 of the Banking Regulation on the Use of Remote Identity Verification Methods by Banks and Article 6 of the Personal Data Protection Law ("PDPL"), our bank may process your personal data, including biometric data, with your consent for the purpose of remote identity verification, which includes video calls, facial recognition, voice signatures, and other identity verification methods in telephone banking and various digital channels. This information, encompassing personal data, biometric data, and special categories of personal data, may be utilized by the bank for identity verification, marketing activities related to products and services, offering specialized products and services, and the formulation and management of bank strategies. It may also be shared with the bank's partners, subsidiaries, joint ventures, all affiliated entities, suppliers, business partners, and third parties, whether located domestically or internationally.

Special Circumstance Regarding the Identification and Assessment of Risk Groups:

The individuals and legal entities mentioned below create a 'risk group,' including but not limited to you, your spouse, your children, members of the board of directors or general managers of a legal entity controlled directly or indirectly, individually or jointly, with unlimited liability, as well as partnerships in which they hold significant stakes, members of the board of directors or general managers of partnerships controlled directly or indirectly, individually or jointly, with unlimited liability, and partnerships in which the financial difficulties of one party may lead to financial difficulties for others due to significant guarantees or similar relationships. It is determined by the Banking Regulation and Supervision Agency and even if you are not our customer, your personal data may be processed by our Bank for the purpose of determining, monitoring, reporting and controlling the risk group to which you will be included in order to determine the credit limits to be extended to a risk group according to the banking legislation.

3. Purposes and Legal Reasons For Processing Personal Data

Your Personal Data may be processed by our Bank for, but not limited to, the following purposes.

Your Personal Data (Religious information, health data, and visual data, which are considered sensitive personal data but are included in identity documents, may come indirectly from the photocopy of identity card and/or driver's license photocopy) is processed in accordance with the Law on Protection of Personal Data, Banking Law, Turkish Code of Obligations, Law on Prevention of Laundering Proceeds of Crime, Law on Debit Cards and Credit Cards, Capital Markets Law, Turkish Commercial Code, Law on Attorneys, Turkish Civil Code, Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, Enforcement, and Bankruptcy Law and Central Bank of the Republic of Turkey Law and for the purpose of fulfilling legal obligations and service contract requirements, including but not limited to the aforementioned legislation;

Printing of regular mail,
Execution of ATM operations,
Checking fraud activities in banking transactions carried out,
Execution of bank insurance transactions,
Reporting to the Banking Regulation and Supervision Board,
Reporting the incoming calls to the Customer Contact Center supported by our Bank, recording and evaluating them in our Bank's data system,
Checking the accuracy of transactions with other banks,
Receiving E-Invoice / E-Archive / E-Ledger usage commitments, preparation of E-Archive Special Integrator, E-Ledger Storage, E-Ledger Software, E-Invoice Special Integrator, E-Invoice Storage service customer protocols,
Execution of EFT and remittance transactions, preventing possible fraud incidents in EFT and remittance transactions,
Execution of bank statement printing processes,
Execution of cheque transactions,
Realization of chargeback transactions with business partners,
Legal follow-up, legal reporting, auditing, preparation of notices regarding overdue debts, reminders regarding unpaid debts, legal proceedings regarding lawsuits,
Execution of debt structuring processes,
Assignment of authorized employees for member workplaces, installation of POS devices, entry of applications, printing of statements, notification of registrations and turnovers, and execution of identification procedures,
Execution of letter of guarantee processes,
Registration of real persons with commercial activities in the system,
Notification to the Central Bank of the Republic of Turkey and the Risk Center of the Banks Association of Turkey,
Identification, filing and realization of letter of credit transactions,
Conducting sales and information transactions of products or services offered together with business partners,
Execution of deposits and withdrawals,
Providing information on customer-specific offers and opportunities and sharing them with business partners and affiliates of our Bank in order to offer banking, insurance services and financial products,
Suspicious transaction notifications,
Execution of printing, money loading and other processes of prepaid cards,
Carrying out sales and information transactions of products or services offered together with business partners,
Management of customer gold accounts, defining check integration, performing check request transactions, creating account information, performing intelligence/scoring studies, identifying discounts and exemptions, making bank profitability calculations based on customer transaction rate, conducting efficiency analysis and marketing studies,
Execution of mortgage and loan application processes,
Preparing the credit card application form, conducting the credit card application process, performing credit card debt payment transactions, preparing the credit card preliminary information form, preparing the credit card contract, making the credit card offer, performing credit card limit increase and decrease transactions and conducting credit card additional card application processes,
Carrying out mandatory notifications to the Financial Crimes Investigation Board, Revenue Administration and Ministry of Finance,
Execution of intelligence processes and customer evaluations for customers who will use loans,
Performing banking transactions via internet and mobile branches,
Performing the institution's collection processes and defining them in the system,
Realization of banking transactions within the scope of the process carried out together with business partners,
Execution of blacklist and banned customer transactions,
Execution and follow up of courier processes,
Carrying out the salary payment processes of the collaborating companies,
Performing remote identity verification and authentication processes through digital channels, including voice signature identification and verification processes in Telephone Banking.

Your personal data will be retained for a reasonable period of time as determined in the relevant legislation or until the purpose of processing is eliminated, and in any case until the statutory statute of limitations.

4. Transfer of Personal Data to Third Parties

4.1 Transfer of Your Personal Data to Domestic Third Parties;

In order to fulfill legal obligations and service contract requirements, not limited to the laws including the Banking Law, Credit Card Law, Capital Markets Law, Social Security and General Health Insurance Law, Turkish Code of Obligations, Law on Prevention of Laundering of Crime Revenues, Turkish Commercial Code, Enforcement and Bankruptcy Law, Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions Law, Occupational Health and Safety Law, and the Personal Data Protection Law, among others; your personal data may be transferred to: Istanbul Stock Exchange, the Customer Contact Center providing support, the Small and Medium Industry Development and Support Administration Presidency, the Banking Regulation and Supervision Agency, the Central Bank of the Republic of Turkey, the Revenue Administration, the Ministry of Treasury and Finance, relevant land registry offices, tax offices, enforcement offices, the Banking Association of Turkey, domestic and international business partners, the Social Security Institution, the Capital Markets Board, the Interbank Card Center, authorized judicial authorities, the General Directorate of Agricultural Enterprises, the Court of Accounts of the Republic of Turkey, the Ministry of Environment and Urbanization, and the Ministry of Treasury and Finance, İstanbul Altın Rafinerisi A.Ş., Central Registry Agency, Savings Deposit Insurance Fund, Türkiye Hayat Emeklilik A.Ş., Vakıf Pazarlama Sanayi ve Ticaret A.Ş., Vakıf Finansal Kiralama A.Ş., Vakıf Faktoring A.Ş., Türkiye İhracat Kredi Bankası A.Ş., İstanbul Takas ve Saklama Bankası A.Ş., Türkiye Sigorta A.Ş., service procurement suppliers, Türkiye Vakıflar Bankası Türk Anonim Ortaklığı Pension and Health Benefits Fund Foundation, Vakıf Yatırım Menkul Değerler A.Ş., Vakıf Gayrimenkul Değerleme A.Ş., Private Social Security Services Foundation, VakıfBank International A.Ş., Vakıf Portföy Yönetimi A.Ş., Vakıf Gayrimenkul Yatırım Ortaklığı A.Ş., Vakıf Menkul Kıymet Yatırım Ortaklığı A.Ş., Vakıf Enerji ve Madencilik A.Ş., Taksim Otelcilik A.Ş., and their respective suppliers and business partners.

In order to fulfill legal obligations, in particular;

It can be transferred to the relevant public institutions for the purposes of reporting of banking transaction records,
Execution of EFT, remittance and Swift transactions,
Prevention of fraud incidents in EFT and remittance transactions,
Notification of incoming and outgoing EFT, remittance and Swift transfers,
Completing mandatory notifications to the relevant public institutions,
Carrying out mandatory reporting processes.

For the purpose of establishing and running a joint venture, in particular;

It can be transferred to the relevant business partners for the execution of the Bank's product and service sales, promotion and marketing activities,
Informing the business partner banks,
Carrying out joint commercial activities with the banks with which business partnership is made,
Recording the collection information in the system.

In order for our Bank to obtain the goods or services required to carry out its commercial activities from suppliers, in particular;

It can be transferred to the relevant suppliers for obtaining consultancy services on issues requiring expertise,
Receiving support in product sales processes,
Execution of campaign processes by the supported companies,
Obtaining goods and services in order to carry out the Bank's internal and external processes.

In order to carry out commercial activities in which the Bank's subsidiaries and affiliates are required to be involved, in particular;

It can be transferred to our Bank's subsidiaries and affiliates for obtaining the necessary information from the bank subsidiary,
Enabling the customer to trade on specific platforms,
Enabling the customer to benefit from the services offered by the Bank's subsidiaries and affiliates,
Sharing customer assessments.

4.2 Transfer of Your Personal Data to Third Parties Abroad:

Your personal data may be transferred to third parties, business partners, and authorized institutions abroad for the purpose of conducting banking activities.

5. Rights of the Data Subject

Pursuant to Article 11 of the PDP Law, you may apply to our Bank and make requests regarding the following issues regarding your personal data:
a. To learn whether personal data is being processed,
b. If personal data has been processed, to request information about it,
c. To learn the purpose of processing personal data and whether it is being used for that purpose,
d. To learn the third parties to whom personal data is transferred, whether domestically or abroad,
e. To request the correction of personal data if it is incomplete or incorrect and, in this context, to request the notification of this correction to the third parties to whom personal data has been transferred,
f. To request the deletion, destruction, or anonymization of personal data if the reasons requiring processing have ceased and, in this context, to request the notification of this process to the third parties to whom personal data has been transferred,
g. To object to an adverse result arising from the analysis of processed data exclusively through automated systems,
h. To Request compensation for the damages you incur as a result of the unlawful processing of your personal data.
Our Bank will fulfill your requests arising from the PPD Law through the "Personal Data Subject Application Form". Personal Data Subject Application Form can be submitted in person to our branches with identity verification documents, or sent by notary to the address: ‘Finanskent Mahallesi Finans Caddesi No:40/1 Ümraniye/İstanbul’' or securely with an electronic signature to vakifbank@hs01.kep.tr. Our Bank will finalize your application requests free of charge within 30 (thirty) days at the latest, depending on the nature of the request, in compliance with Article 13 of the PPD Law. In case the request is rejected, the reason(s) for the rejection shall be notified to you in writing or electronically.
This Clarification Text may be revised by our Bank when deemed necessary. In case of revision, you will be informed about this issue. You can access the most up-to-date version of the Privacy Notice at https://www.vakifbank.com.tr/ .