Become A Customer
SOLUTİONS SPECİAL FOR YOU
OUR PRODUCTS AND SERVICES
SOLUTİONS SPECİAL FOR YOU
OUR PRODUCTS AND SERVICES
About Us

Protection of Personal Data

Vakıf Katılım Bankası A.Ş. Clarification Text Regarding the Processing of Personal Data

As Vakıf Katılım Bankası A.Ş. (“Bank”), we care about your personal data and its protection and present this customer disclosure text prepared by Vakıf Katılım Bankası A.Ş., acting in the capacity of the Data Controller, within the scope of the 10th Article of the Law No: 6698 on Protection of Personal Data (“LPPD”/“Law”) and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform.

Your personal data are processed by taking the necessary security measures to protect fundamental rights and freedoms in order to ensure that our Bank can provide the best service to its customers, within the framework of our obligations arising from the Banking Law No: 5411, Law No: 6698 on the Protection of Personal Data (“LPPD”/“Law”). As explained in this clarification text, your personal data and sensitive personal data may be recorded, archived, updated, transferred, classified and processed as specified in the LPPD and the relevant legislation.

Your personal data processed as a result of banking activities will be processed in accordance with the relevant legislation within the scope of our legal obligations. We present to your attention this clarification text which has been prepared to inform you about your rights regarding the use and protection of your personal data within the scope of the Law No: 6698 on the Protection of Personal Data (“LPPD”/ “Law”).

IDENTITY OF THE DATA CONTROLLER

This Disclosure Text has been prepared by Vakıf Katılım Bankası A.Ş. (Bank or our Bank) acting in the capacity of Data Controller at the address of “Saray mahallesi Dr. Adnan Büyükdeniz caddesi no: 10 Ümraniye/ İstanbul” within the scope of Article 10 of Law No: 6698 on Protection of Personal Data and “Communiqué on Principles and Procedures to be Followed in Fulfilment of the Obligation to Inform”.

Our purpose is to inform you about the methods of collecting your personal data, purpose and legal purpose of processing, transfer to 3rd persons when permitted by the relevant legislation and your rights on the protection of personal data.

As per Article 3 of Law No: 6698 on Protection of Personal Data; personal data means any information relating to an identified or identifiable natural persons. Our Bank carries out personal data processing activities by taking necessary security measures for the purpose of protection of fundamental rights and freedoms including the right of privacy.

Your personal data may be processed to enable our Bank to provide services to its customers in the best manner in line with the purposes mentioned below and within the scope of our obligations arising from Banking Law No: 5411, LPPD and all other legal legislation.

PROCESSING OF THE PERSONAL DATA AND PURPOSE OF PROCESSING

Your personal data including your identity information, address, contact information, occupational experience, signature, power of attorney, educational background, financial and income status, customer transaction, card details, risk management, process security, credit history, health information, vehicles and real estate properties to be purchased through financing of our Bank, legal transaction, payment details in tax and fee payment, location, declaration, audio-visual records etc. that you directly or indirectly share with us through different channels are processed by us for the purposes mentioned below;

  • To carry out basic banking services including but not limited to accounts, cash, money transfer, foreign exchange/precious metal transactions, cheque/promissory note, lease certificate (sukuk), safe deposit box, institutional collection, financial intelligence services etc.,
  • To offer services within the scope of Banking Law and other legislation including foreign trade, financing (loan), fund management, credit card, POS, ATM services, insurance, pension and other agency services, intermediary services etc.,
  • To manage investment processes, to carry out intelligence, guarantee and reference letter transactions, to track the delinquent receivables, to carry out expertise transactions,
  • To carry out inquiry transactions that we are obliged to carry out within the scope of legal legislation including Central Civil Registration System (MERNIS), The Banks Association of Turkey Risk Center, corresponding bank black lists, General Directorate of Security E-Pledge etc.,
  • To carry out supervision, independent audit and internal control activities prescribed by the legislation, to fulfill information security obligations, to detect and prevent fraud operations, to investigate suspicious transactions, to carry out risk monitoring, follow-up and reporting activities, to manage and store communication and transaction audit trails, to record voice records of Customer Communication Center, to perform identity authentication and authority management, to evaluate compliance with the principles of participating banking,
  • To carry out tax declaration activities and perform financial control activities,
  • To receive and record camera footages of our branches, regional directorate and head office units and ATMs as required for the physical security needs of our Bank,
  • To share important information (any and all information that the Bank is obliged to share with its customers) with you through your contact information.
  • To fulfill our obligations as determined by public institutions and authorities such as Banking Regulation and Supervision Agency, Banks Association of Turkey and Central Bank of the Republic of Turkey to which our Bank is obliged to give information, to perform notification and statutory reporting processes,
  • To offer you special offers if you allow us to do so, to carry out sales and marketing and promotional activities,
  • To solve the probable problems in main banking system, to manage expenditure objection and customer satisfaction processes, to perform complaint, suggestion and demand management.

TRANSFER OF PERSONAL DATA

Within the scope of Article 8 of Law No: 6698 on transfer of personal data and Article 9 on transfer of personal data abroad, your personal data that you have submitted to us due to your banking transactions with us may be transferred to persons/institutions at home and abroad for the purposes mentioned below. The scope of the transferred data is determined to be limited to the purpose of transfer

  • To persons, corporations and/or institutions authorized by law such as Banking Regulation and Supervision Agency, Central Bank of the Republic of Turkey, Turkish Revenue Administration, Capital Markets Board, Social Security Institution, Financial Crimes Investigation Board, Credit Reference Agency, Risk Center, Interbank Card Center, General Directorate of Security etc. in order to fulfill our legal obligations,
  • To state institutions and organizations and contracted institutions and organizations in order to perform corporate collection transactions
  • To card payment system service providers, card printing and courier firms in order to manage credit cards processes,
  • To SWIFT, SWIFT service providers, domestic/foreign corresponding banks, recipient/sender banks, intermediary banks and payment/electronic money institutions in order to carry out foreign trade and out of bank money transfers,
  • To prosecution offices and courts, law offices, asset management companies in order to perform and follow-up legal affairs,
  • To independent audit institutions and authorized public institutions and organizations in order to audit the compliance of activities with regulation,
  • To real estate property valuation institutions in order to carry out expertise operations,
  • To share certificate brokerage firms, finance companies and investment companies in order to carry out investment activities,
  • To research companies in order to offer you better services and to increase your satisfaction level,
  • If you allow us to do so, to our business partners in order to make you benefit from common campaigns with our business partners,
  • To persons, institutions and/or corporations that we carry out services in the capacity of intermediary in order to fulfill our obligations arising out of Intermediation/Agency Law;

METHOD OF AND LEGAL REASON FOR PERSONAL DATA COLLECTION

Your personal data are processed based on legal reasons below specified in Article 5 of Law No: 6698 and your express consent is asked when it is required to process your personal data for the reasons other than these legal reasons. Your personal data are processed if.

  • It is expressly provided by the laws,
  • It is directly related to establishment or performance of an agreement,
  • It is necessary for the data controller to fulfil its legal obligation,
  • It is obligatory to process data for the purposes of the legitimate interests of the controller provided that the processing does not prejudice the fundamental rights and freedoms of the data subject,
  • It is obligatory to process data for the establishment, exercise or protection of a right

Your personal data are also processed through automatic systems or through non-automated means provided that it is a part of any data recording system. Your personal data are achieved by our Bank through;

  • Branches, head office, units, regional directorates and branches of our Bank,
  • Customer Communication Center and Telephone Banking,
  • Internet Banking and Mobile Banking Applications,
  • ATM and Kiosk systems,
  • Forms to be filled on internet websites,
  • Identity Sharing System, Address Sharing System, Trade Registry Gazette, Land Registry and Cadastre Information System, Risk Center, Credit Reference Agency etc,
  • Means of payment such as ATM systems and credit cards,
  • Companies that we carry out services in the capacity of intermediary/agent,
  • Social media accounts of our Bank,
  • Camera systems in branches, regional directorates and head office buildings and ATMs,,
  • Interbank card center,
  • Communication channels such as registered electronic mail, electronic notification, electronic mail, mail, fax, short message service etc,
  • Notifications, applications and negotiations with our Bank.

YOUR RIGHTS ON PROTECTION OF THE PERSONAL DATA

Within the scope of Article 11 of Law No: 6698 on Protection of Personal Data governing the rights of the relevant persons, Everyone, in connection with herself/himself, has the right;

  • To learn whether or not her/his personal data have been processed,
  • To request information as to processing if her/his data have been processed,
  • To learn the purpose of processing of the personal data and whether data are used in accordance with their purpose,
  • To know the third parties in the country or abroad to whom personal data have been transferred,
  • To request rectification in case personal data are processed incompletely or inaccurately and to request notification of the operations made to third parties to whom personal data have been transferred,
  • To request deletion or destruction of personal data and to request notification of the operations made to third parties to whom personal data have been transferred,
  • To object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems and,
  • To request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.

You may send your requests in respect thereof through application form available on our website, through methods included in the application form or through calling our Customer Communication Center at 0850 202 1 202 and 444 44 77.

As per Article 13 of the Law, our Bank shall conclude your requests included in the applications made as specified above free of charge within the shortest time but within latest thirty days according to the nature of the request. If such transaction requires any additional cost, the Bank may request a fee in accordance with the conditions determined by Personal Data Protection Board and by taking account of the Updated Tariff specified by the Board.

Our Bank acts as the “Data Controller” in accordance with LPPD. You can get information about our Bank acting in the capacity of Data Controller from the table below.

Commercial Title Vakıf Katılım Bankası A.Ş.
Address İnkılap Mahallesi, Dr. Adnan Büyükdeniz Caddesi, B Blok, No:10 Ümraniye / İSTANBUL
MERSIS/Trade Registration Number 0883 0427 7000 0010
REM Address vakifkatilimbankasi@hs03.kep.tr
Telephone Number +90 216 800 55 55

Within the scope of the banking relationship we will establish depending on the nature of the products and services you will receive from our Bank; the type, nature, history of the relationship between the Bank and the relevant person and the method of collecting the personal data may vary depending on the following purposes. Personal data processed in compliance with the Law and the principles of our Bank's Policy on the Protection, Processing, Storage and Anonymization of Personal Data include, but not limited to, the following data:

Category Personal Data
Identity It refers to all kinds of information in documents such as identity card, driver's license, marriage certificate, lawyer ID, certificate of residence, passport etc. For example: name, surname, parents' name, mother's maiden name, date of birth, place of birth, marital status, identity card serial number, Turkish ID number, nationality information, citizenship information, gender, information about children etc.
Contact Details Contact Details It refers to information such as address, telephone number, e-mail etc. For example: address, e-mail address, contact address, registered electronic mail address (REM), telephone number, fixed telephone number, fax number etc.
Location It refers to information indicating the location/place of the customers.
Educational Background and Occupational Experience It refers to the educational background, occupational experience and sector of activity of the Customer. For example: profession and title, tax registration certificate, sector of activity, certificate of activity, employment status, educational background/status, CV details etc.
Transaction Details It refers to personal data obtained and generated about the relevant person in line with the customer relationship. For example: account activities, credit information, information about participation accounts, credit card limit and balance information, promissory note/check information, information on receipts etc.
Financial Data It refers to all kinds of personal data processed regarding the financial information, documents and records of the customer. For example: asset information, information about financial performance, balance sheet details etc.
Risk Monitoring and Tracking Information It refers to personal data processed within the scope of the fulfilment of the Bank's risk management activities. For example; the records of the Banking Association Risk Center, credit rating score, credit and risk information, asset (vehicle and title deed) information etc.
Marketing Data It refers to personal data obtained and processed within the scope of marketing activities carried out regarding the Bank's products and services in accordance with legal procedures, including personalized marketing activities. For example; shopping history, surveys, cookie records, information obtained through campaigns etc.
Audio and Visual Records It refers to audio and visual data of the Customer including the call center voice recordings, camera recordings, photographs etc.
Information about Transaction Security It refers to personal data processed to ensure the technical, administrative, legal and commercial security of the Bank. For example: website login and logout information, password information, IP address information, security applications used in internet and mobile channels etc.
Information about Request and Complaint Management It refers to personal data related to the receipt and evaluation of all kinds of requests and complaints addressed to the Bank. For example; complaint records from physical media, Customer Communication Center (MIM) records, complaint records addressed to the relevant authorities etc.
Legal Transaction and Compliance Information Legal Transaction and Compliance Information It refers to personal data processed within the scope of determination and tracking of the Bank's legal receivables and rights, performance of its obligations and compliance with the legal obligations and the Bank's Policies. For example; information in the case file, information used within the scope of alternative dispute resolution methods, court/police minutes, information about legal proceedings etc.
Inspection and Audit Information It refers to personal data processed within the scope of compliance, inspection and audit activities carried out in accordance with the Bank's legal obligations and the Bank's policies. For example; internal audit and internal control records/reports, investigation reports, independent audit activities etc.
Other Data Other Data It refers to personal data obtained and processed for the activities other than the data categories listed above. For example; information about relatives etc.

Your personal data is obtained during the banking services provided by Vakıf Katılım Bankası A.Ş. Your personal data is obtained as indicated below:

  • Face-to-face service channels (Head Office and branches, direct sales teams and support service/external service organizations, companies whose activities are carried out in the capacity of intermediary/agency, contracted dealers)
  • Through automated and non-automated methods from our Bank's mobile and internet channels and applications¸ ATMs and in-branch kiosks
  • In electronic and/or physical environment such as forms, instructions, contracts, telephone, e-mail, fax, text message, cargo and mail
  • From public institutions and organizations, official institutions (Identity Sharing System, Address Sharing System, Notaries etc.)
  • Through automated methods from Banks Association of Turkey Risk Center or companies established by at least five banks or financial institutions (Interbank Card Center, Credit Bureau etc.)
  • Through applications made through digital applications (mobile banking, website, customer communication center, IVR etc.)
  • Through the institutions and organizations that are parties to our Bank's products and whose payments are intermediated b your Bank
  • Indirectly through legal representatives (through legal representatives such as attorneys, parents, guardians etc.)

Personal data may be processed with the explicit consent of the relevant person as per Article 5 of the Law No: 6698 on Protection of the Personal Data. The same article further sets forth the situations where personal data can be processed without explicit consent. In this context, the purposes and legal grounds of processing your personal data due to the banking activities you carry out with Vakıf Katılım Bankası A.Ş. are explained below. Accordingly, you can get information about the personal data we process, our purposes and legal grounds for processing by selecting the relevant section.

Your personal data may be transferred only with the explicit consent of the relevant person, without prejudice to the exceptions specified in Article 8 of the Law. Accordingly, your personal data is transferred for the following purposes and legal reasons:

Transferred Organizations Purpose of Transfer Legal Grounds

Legally Authorized Institutions and Organizations

It refers to private and public institutions and organizations authorized to request information and documents due to relevant legal regulations or legal processes, private and public institutions and organizations to which the data transfer is obligatory in accordance with legal regulations, private and public institutions and organizations that we confirm information in order to ensure the security of legal proceedings. For example; BRSA, CMB, CBRT, MASAK, PBAT, Banks Association of Turkey Risk Center, KOSGEB, Revenue Administration, Undersecretariat of Treasury, SSI, judicial authorities etc.

 Fulfillment of the requirements stipulated in the legislation.

When it is mandatory for the Bank to fulfill its legal obligation

When explicitly stipulated by the laws

Domestic and Foreign Banks, Payment Service Providers and international or domestic payment systems institutions and organizations

It refers to Domestic and Foreign Banks, Payment Service Providers and international or domestic payment systems institutions and organizations, payment service providers, financial institutions and organizations that we cooperate.

 Carrying out banking activities and fulfilment of our legal obligations

When it is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract

When data processing is mandatory for the legitimate interests of the Bank, without prejudice to the fundamental rights and freedoms of the data subject

Main Shareholders

It refers to the main shareholders of the Bank. For example; Bayezid Han-ı Sani (Bayezid II) Foundation, Mahmut Han-ı Evvel Bin Mustafa Han (Mahmut I) Foundation, Mahmut Han-ı Sani Bin Abdulhamit Han-Evvel (Mahmut II) Foundation and Murat Pasha Bin Abdusselam (Murat Pasha) Foundation

Fulfillment of the requirements stipulated in the legislation

Fulfillment of legal reporting and information requests

Conducting legal audit activities

Execution of legal processes

When it is mandatory for the Bank to fulfill its legal obligation

When explicitly stipulated by the laws

When data processing is mandatory for the establishment, exercise or protection of a right

Suppliers

It refers to all third party service providers from which the goods and services are purchased, such as support organizations, external service providers, law firms, consulting parties, courier companies etc., for the provision of banking services.

 Provision of support and consultancy services to the Bank When data processing is mandatory for the legitimate interests of the Bank, without prejudice to the fundamental rights and freedoms of the data subject
Institutions and organizations that are parties to the Bank's products/services and whose payments are intermediated

Provision of the products and services requested from the Bank

Fulfillment of the requirements of the agreements, requests and instructions concluded with the Bank

When it is directly related to the conclusion or performance of the contract

When it is mandatory for us to process your data for our legitimate interests, without prejudice to your fundamental rights and freedoms

Instruction

When you give an instruction to the Bank, it refers to the natural persons or legal entities you specify in your instruction.

 Fulfillment and execution of your instructions When it is directly related to the conclusion or performance of the contract

Within the scope of Article 11 of the Law No: 6698 on the Protection of Personal Data regulating the rights of the data subject, everyone concerned has the right:

  • to learn whether his/her personal data are processed or not,
  • to demand for information as to if his/her personal data have been processed,
  • to learn the purpose of the processing of his/her personal data and whether these personal data are used in compliance with the purpose, 
  • to know the third parties to whom his personal data are transferred in country or abroad,
  • to request the rectification of the incomplete or inaccurate data, if any, 
  • to request the erasure or destruction of his/her personal data under the conditions referred to in Article 7,
  • to object to the occurrence of a result against the person himself/herself by analyzing the data processed solely through automated systems,
  • to claim compensation for the damage arising from the unlawful processing of his/her personal data.

You can submit your requests within this scope through the application form on our website and the methods specified in the application form or by calling the Customer Communication Center (0850 202 1 202 and 444 44 77).

In accordance with Article 13 of the Law, the Bank will finalize your requests in the applications you submit as above, free of charge, as soon as possible and within latest thirty days, depending on the nature of your request. If the transaction requires an additional cost, the Bank may charge a fee in line with the conditions specified by the Personal Data Protection Authority and taking into account the current tariff announced by the Authority.

Please click here to access The Policy on the Protection, Processing, Storage and Anonymization of Personal Data issued by Vakıf Katılım Bankası Anonim Şirketi.