notify icon
Top of Main Content

Protection of Personal Data

Protection And Process Of The Personal Data Policy

Ojective

This Policy aims at (i) establishing set of rules for discipline in personal data processing operations carried out by QNB Finansbank A.Ş. ("QNB Finansbank") under the Banking services in compliance with legislation, (ii) defining principles adopted for processing personal data in relation with the fundamental rights and freedoms of the person covered by 20th Article of the Constitution along with the material-nonmaterial wealth and personal integrity set forth in 17th article of the Constitution and (iii) ensuring transparency by providing information to Personal Data Owner/Relevant Persons whose personal data is processes by QNB Finansbank to generate corporate culture

QNB Finansbank pays maximum attention to safety of personal data and carries out activities by considering the prioritization of personal data safety in all products and services.

The main principle of QNB Finansbank is to use Personal Data for banking transactions and to protect privacy, fundamental rights and freedoms of the person whose data is processed.

Definitions

In terms of practicing the law and under this Policy:

Express consent: The consent which is based on being provided information and explained with free will on a specific subject.

Anonymization: The process of transforming the personal data so as to ensure unfamiliarity to any natural entity's data whose identity either can or cannot be determined even if such data is matched.

Relevant User: Persons who are responsible for technical storage, protection and backup of data or persons who process the received data in parallel with the authorization and directions given by the data supervisor or within the data organization excluding the unit.

Disposal: Procedure on erasure, disposal or anonymization of personal data

Law : The Privacy Act with no.6698.

Personal Data Owner/ Relevant Person: Customers or potential customers whose personal data is processed, employees, candidates, shareholders, visitors, institutions and entities and employees, shareholders and supervisors and the third real person of them which have business relations (support service, independent audit, rating, consultancy, service, purchasing, cooperation, solution partnership etc.) within the frame of a contract drawn up with the Bank.

Personal Data: All kinds of information related to a real person whose identity is determined or can be determined.

Processing personal data: All kinds of transactions carried out on personal data such as obtaining, saving, storing, changing, personal data through non-automatic ways, re-editing, explaining, transferring, taking over, becoming obtainable, classifying or preventing the usage.

Board: Protection of Personal Data Institution

Institution: Protection of Personal Data Institution.

Customer: The real person who receives service from the Bank according to the contract he/she has signed with the Bank and whose data is processed.

Data Processor: Real person or legal entity who process personal data according to the authorization given by the data supervisor on behalf of him/her.

Data Registry System: Registry system that personal data is processed by structuring according to the specified criteria

Data Supervisor: Real person or legal entity who determines the process purposes of the personal data and is responsible for set-up and management of the data registry system.

Scope

This Policy applies to all personal data which are processes by non-automatized means with the condition of being a part of data registry system whether partially or wholly automatized and which belong to QNB Finansbank's customers, potential customers, employees, candidates, shareholders, visitors; to entities and institutions working with the Bank under a contract signed (supportive services, independent auditing, rating, consultancy, service, purchasing, collaboration, solution partnerships, etc.), and their employees, shareholders, executives and to third persons.

Effective Data Of The Policy

This Policy enters into force on 07.10.2016. Should this Policy partially or wholly renewed, relevant versions of the Policy are updated.

This Policy is published at QNB Finansbank website www.qnbfinansbank.com, and it can be shared with the Personal Data Owner/Related Person is demanded.

All employees are liable for implementation of this Policy throughout QNB Finansbank within the scope of their authorizations.

Implementation Of The Policy In Terms Of Time

The status of personal data which are currently processed are regulated in the 3rd paragraph of the provisional 1st article of the Act. Accordingly, Personal Data processed prior to the date of effective of the Act are updated as per the provisions of the Act within two years as from the date of effective. The Personal Data which is detected to be contradictory to the provisions of the Act is disposed or anonymized. And yet, the legal consent which is obtained prior to April 7, 2016 (the effective date of the Act) are deemed as compliant to the Act should otherwise is declared within one year.

Implementation Of The Policy In Terms Of Person

As per the 2nd article of the Act, the provisions of the Act apply to real persons whose personal data is processed and to natural and corporate entities who process information such data automatically in part or whole or non-automatically with the condition of being a part of any data registry system. Accordingly, Personal Data of all corporate entities are excluded by the Act; however, such data will be deemed included in the Act should it becomes possible to determine the real person by using the data of corporate entity.

The anonymized and unidentifiable data and data on corporate entities are not considered as Personal Data and they are not subject to this Policy.

Personal Data

All kinds of information related to a real person whose identity is determined or can be determined. To qualify any data as Personal Data, the data must be related to real person and this person must be identified or identifiable.

  • a. Being related to real person: Personal Data is related to reals persons and the data of corporate entities are not covered by the definition of Personal Data. Therefore, information on corporate entity such as title of commerce or address (except being related to real person) will not be considered as Personal Data.
  • b. Real Person Identified or Possible to Identify: Personal Data might directly refer to identity information of the owner or it might consist all information which can be used for identifying the person by relating to any record, though not directly indicating identity of the person, as well.
  • c. Information of Any Kind: The notion of "any information" is quite comprehensive; and not only the information indicating identity of the person such as name, surname, date of birth and place, etc. but also all data which makes it directly or indirectly possible to identify the person such as telephone number, moto-vehicle plate, social security number, passport number, curriculum vitae, photo, video or voice records, fingerprints, IP address, e-mail, hobbies, preferences, relevant persons, memberships, family information, health information are deemed as Personal Data.

Processing Personal Data

The term of "Processing Personal Data" indicates a cycle. In the 2nd article of the Act, such act is defined as a process which is initiated as receiving information automatically in part or whole or non-automatically with the condition of being a part of a data registry system and following data processing transaction of any kind. After collecting Personal Data as defined, any operation carried out till the erasure, disposal or anonymization transactions is considered as processing of Personal Data under the Act.

Personal Data can be processed in various ways:

  • Collection or registry: By the time the Personal Data is first obtained, processing begins.
  • Organizing/storage: Protection, reserving or storing of Personal Data on the digital or physical platform is accepted within the scope of processing.
  • Using/changing: All kinds of usage, even the viewing of the Personal Data is accepted as processing.
  • Transfer: Directing of the Personal Data with various methods.
  • Spreading/ making achievable: Giving access to the third parties is also a processing type such as distributing or sharing the data physically.
  • Prohibition: These are also accepted as some of the processing types.

Personal Data can be processed either automatic or non-automatic methods.

a. Automatic Processing

Automatic data processing is the processing operations which are performed by devices with software such PC, telephone, watch, etc. and which are automatically carried out without any intervention by humans by means of algorithms arranged beforehand via software and hardware features.

b. Non-automatized Methods for Processing (Provided that the Data is a Part of Data Registry System)

Even if Personal Data is not subjected to automatic processing, they will be subject to the provisions of the Act once they are processed via "data registry system". These systems can be created either in physical or electronic media.

All the conditions should be fulfilled in order for the data to be processed in compliance with the law:

  • Processing is based on consent and exception,
  • Disclosure is actualized,
  • Processing is limited to purpose and period,
  • Compliance to the general law principles.

During the period when banking services offered by QNB Finansbank is used by our customers and following that the relation is over, Bank has the right to process the data of Personal Data Owner/Relevant Person provided that it follows the purposes specified in this Policy.

With respect to Personal Data Owner/Relevant Person, QNB Finansbank has the right to process the data of the Personal Data Owner/Relevant Person provided that the reasons of compliance with law foreseen in the Law continue.

Personal Data processing performed by QNB Finansbank is the transactions carried out for the data by using the automatic, half-automatic or non-automatic ways within the scope of banking activities.

Personal Data Processing refers to all kinds of transactions performed on the data such as obtainment, voice or video recording, collecting these, saving, reserving, organizing, storing, using, changing, re-editing, classifying, explaining, transferring to the homeland or abroad, making obtainable, taking over, preventing from using.

General Principles On Personal Data Processing

Personal Data is processed in compliance with the principles foreseen in the Law and the procedures and principles stated in this Policy and within the scope below.

  • Being Compliant to Law and Good Faith

    QNB Finansbank processes the Personal Data in compliance with the relevant legislation and core of good faith and uses within relevant limits.

  • Being Accurate and Up-To-Date Where Necessary

    QNB Finansbank ensures that Personal Data is accurate and updated paying attention to the fundamental rights and freedoms of the Personal Data Owners. Within this scope, it takes into consideration the principles such as determined sources, confirmation of their accuracy, evaluating if they require to be updated or not.

  • Processing the Data with the Specific, Obvious and Lawful Purposes,

    QNB Finansbank determines the data processing purpose clearly and precisely and ensures that this purpose is legal. Legalizing the purpose means that the Personal Data processed by QNB Finansbank is connected to the banking services and works and activities performed within this scope and is required for these.

  • Data is related, limited and moderate to the purpose that it is processed,

    QNB Finansbank ensures that processed Personal Data is sufficient for the purposes to be actualized and avoids the processing of the Personal Data which is not related to the actualization of the purpose or is not needed. It actualizes the Personal Data processing conditions regulated in the Law, as if it is just beginning to process, in order to process data regarding the fulfillment of the needs which are possible to occur later. Besides, it confines the processed data to what is required to actualize the purpose.

  • Data is preserved within the required period for the purpose stated under the legislation or they are processed for,

    If there is a period foreseen for storage of the data, QNB Finansbank adjusts to these periods for all the legislations it is subject to within the scope of Banking Law and activity no.5411, otherwise it preserves the Personal Data for the period required as the purpose of processing. If there is not a valid reason for a Personal Data to be preserved longer by QNB Finansbank, relevant data is erased, disposed or anonymized within the frame of the regulations in the "Personal Data Storage and Disposal Policy".

Conditions Regarding The Personal Data Processing

Statement of approval that is given by the customer for data processing related to him/her, having sufficient knowledge on the subject, leaving no room for hesitation and limited to only this transaction is defined as "express consent" in the Law. As per the article 5 of the Law, express consent is one of the personal data processing conditions in the Law and it does not have any comparative advantages over the other personal data processing conditions. Express consent is not the sole element which brings legality to the data processing activity.

If one of the conditions below is present, without the express consent of the Personal Data Owner/Relevant Person, processing of the personal data is possible:

  • a. It is foreseen in the Law,
  • b. Even if there is not any express consent, QNB Finansbank can process the Personal Data of the Personal Data Owner/Relevant Person within the scope that is clearly projected by laws that it is subject to.
  • c. It is obligatory for the protection of the person who cannot explain his/her consent due to actual impossibility or whose consent is not acknowledged for legal validity or for the protection of another person's life or body integrity,
  • d. It is necessary for the Personal Data belonging to the parties of the contract to be processed provided that it is directly related to drawing up or fulfillment a contract,
  • e. It is obligatory for the Data Supervisor to fulfill the legal obligations,
  • f. Processing of the personal data which is declared by the Personal Data Owner/Relevant Person.
  • g. Data processing is obligatory for establishing, using or protecting a right,
  • h. Data processing is obligatory for the legitimate interests of the data supervisor provided that fundamental rights and freedoms of the Personal Data Owner/Relevant Person are not damaged.
  • i. Provided that it does not damage the fundamental rights and freedoms of the Personal Data Owners, QNB Finansbank can process the personal data of the Personal Data Owner/Relevant Person where it is obligatory to process the Personal Data for the protection of legal interests.

QNB Finansbank shows the required sensitivity on following the main principles regarding the protection of Personal Data and looking after the benefit balance of the Personal Data Owner/Relevant Person.

Purpose Of Data Processing

QNB Finansbank processes the Personal Data in order to:

  • Fulfill liabilities posed by all legislations subjected within the scope of banking operations and Banking Law with no.5411, in particular,
  • Fulfill the execution of the conditions of agreements relevant to the products and services drawn up and liabilities taken over in order for the banking services to be offered,
  • Perform the credibility valuations of our customers and carry out enquiry, information researches, planning, statistical works,
  • Develop the services of the Bank in order to be offered to the customers in the best way while customers are analyzing their loan history, statistical data etc.,
  • Contact the customers regarding the current status of banking services and updates, provide required information in this respect,
  • Offer a new and/or an extra loan or a product other than loan which the banking transactions and/or loan history and/or behavior models of our customers are required to be provided;
  • Carry out the transactions related to banking, insurance, investment and finance products, perform the activities within this scope and develop the services,
  • Guide for the products which our customers can be interested in by considering the usage habits of them and provide information on the campaigns, carry out the advertisement, marketing, promotion and campaign activities regarding the services and products,
  • Know and use our customers who perform banking transactions through the branches, alternative distribution channels, Internet banking and /or our mobile branch for the customer analysis, perform various marketing and advertisement activities,
  • Offer suggestion to our customers by the contracted companies and solution partners, inform our customers about our services,
  • Evaluate the customer complaints and suggestions about our services,
  • Fulfill our legal liabilities and use our rights derived from the applicable legislation,
  • Plan and implement our Human Resources policies in the best way, evaluate the Personal Data shared during the job applications,

within the scope of Personal Data processing conditions stated in the 5th and 6th articles of the Law.

Processing The Data Of The Employee And Candidates

Current Employees: QNB Finansbank has the right to process the personal data which the Personal Data Owner/Relevant person has declared because he/she will start working for the Bank, with the purposes of executing the contract within the frame of the employment contract drawn up with QNB Finansbank, and/or fulfillment of his/her Benefits and Compensation Rights arising from this contract and maintenance of these uninterruptedly, all kinds of insurance services offered to the employees, occupational health and safety services, monitoring of performance management and evaluation, training activities and fulfillment of human resources and training processes.

Candidates: Evaluation of the job applications is carried out in compliance with the regulations of law related to the management of enquiry, research and other recruitment process.

For the processing of the Personal Data which is related to the business relation but is not the part of the execution of the employment contract at first, it should have the reasons of compliance with the law. (Consent of the applicant (electronic or non-electronic ways), Legal interest of QNB Finansbank, data processing principles and purposes stated in the Law and this Policy)

Data Processing With The Cameras In The Head Office, Regional Offices, Branch, ATM

QNB Finansbank, with the video records made with the security cameras in the entrances and inside of Head Office, Regional Offices, Branch, ATM, has the purposes for protecting the security of itself and third parties.

Data processing activity mentioned above, is carried out in compliance with the Law on Private Security Services with no.5188 and the relevant legislation.

QNB Finansbank engages in the security camera monitoring activity in compliance with the purposes foreseen in the relevant legislation and the Personal Data processing conditions stated in the Law in order to provide the security.

Voice recording is carried out when QNB Finansbank is communicated through phone provided that the Personal Data Owner/ Relevant Person is informed.

Data Processing Regarding the Visitors

Personal Data Processing is carried out regarding the visitor entries and exits QNB Finansbank Head Office, Regional Offices and Branches for providing security with the purposes stated in this Policy by QNB Finansbank.

Personal Data Owner/ Relevant Persons are provided with information when their names are obtained while they enter QNB Finansbank Head Office, Regional Offices and Branches as visitors or through the informative texts hung within the QNB Finansbank Head Office, Regional Offices and Branches or presented to the visitors.

Data, which is obtained for monitoring of visitor entries-exits, is only processed with this purpose and the relevant personal data is saved to the data registry system on the physical platform.

Storage of the Records Regarding the Internet Access Provided For Visitors

Internet access can be provided for visitors requesting this service within the Head Office buildings with the maintenance of security and the purposes stated in this Policy by QNB Finansbank. Logs regarding the internet access are recorded according to the Law on Regulation of Publications on the Internet and Suppression of Crimes by means of such Publications no.5651 and the imperative provisions of the legislation regulated according to this law; these records are only processed in case they are requested by the authorized state institutions and organizations or in order to fulfill our legal liabilities in the auditing process to be carried out within QNB Finansbank..

The logs, obtained within this frame, can only be accessed by the limited employees of QNB Finansbank. QNB Finansbank employees who have access to mentioned records, share them to respond to the requests coming from the authorized state institutions and organizations or with the persons legally authorized to access to use them in the auditing process.

Web Site Visitors

On the websites in the property of QNB Finansbank; internet movements in the website are saved through the technical means (E.g. Cookies) in order to provide that visiting purposes are carried out in compliance with the visiting purpose of the visitors, to display specialized contents and perform online advertisement activities.

Detailed explanations regarding the protection of these activities which are performed by QNB Finansbank can be found in the "Privacy Policy" texts of the relevant websites.

Processing Of The Special Quality Personal Data

QNB Finansbank act in compliance with the regulations foreseen in the Law during the processing of personal data determined as "special quality" with the Law.

On the Article no.6 of the Law, a number of personal data having the risk to cause unjust treatment of the people or discrimination are determined as "special quality". These data is related to ethnicity, political view, philosophical view, religion, sect or other beliefs, appearance, association, foundation or union memberships, health, sexual life, conviction and security precautions and biometric genetic data.

Provided that sufficient precautions determined by the Board are taken, in compliance with the Law by QNB Finansbank, Special quality personal data is processed

  • If there is express consent of the personal data owner or,
  • If there is not any express consent of the personal data owner

The special quality personal data except the health and sexual life of personal data owner in the situations foreseen in the laws,

The special quality personal data regarding the health and sexual life of the personal data owner is only processed by the people having the liability to keep secrets or authorized institutions and organizations with the purposes of protection of the public health, maintenance of preventive medicine, medical diagnosis, treatment services, planning and management of the health and financing services.

Transferring Of The Personal Data

QNB Finansbank can transfer the personal data of the Personal Data Owner/Relevant Person to the third parties taking the required precautions in line with its legal personal data processing purposes. QNB Finansbank acts in compliance with the regulations foreseen in the article no.8 of the Law accordingly.

QNB Finansbank can transfer the Personal Data to the third parties in line with the legal personal data processing purposes, based on and limited to the one or some of the data processing conditions stated in the article no.5 of the Law mentioned below:

  • If there is express consent of the personal data owner,
  • If there is a clear regulation regarding the transferring of the personal data ,
  • If it is obligatory for the life of the Personal Data Owner/Relevant Person or someone else or the protection of the body integrity and if the Personal Data Owner/Relevant Person is unable to explain his/her consent due to occupational impossibility or his/her consent is not legally validated
  • If it is necessary for the personal data belonging to the parties of the contract to be processed provided that it is directly related to drawing up or fulfillment a contract,
  • If the personal data transferring is obligatory for QNB Finansbank to fulfill its legal liability,
  • If the personal data is declared by the personal data owner,
  • If the personal data transferring is obligatory for establishment, usage or protection of a right,
  • Provided that fundamental rights and freedoms of the personal data owner are not damaged, if the personal data transferring is obligatory for the legal interest of QNB Finansbank.

Transferring To Abroad

QNB Finansbank can transfer the Personal Data of the Personal Data Owner/Relevant Person to the third parties taking the required precautions in line with its legal Personal Data processing purposes.

Personal data can be transferred to the foreign countries, which are declared to have sufficient protection by the Board ("Foreign Country with Sufficient Protection") or if there is insufficient protection, to the foreign countries ("Foreign Country Which Has The Data Supervisor Undertaking The Sufficient Protection") which data supervisors in Turkey or in the relevant foreign country undertake a sufficient protection as written and which have the Board permission. QNB Finansbank acts in compliance with the regulations foreseen in the article no.9 of the Law.

If there is express consent of the Personal Data Owner/Relevant Person in line with the legal personal data process purposes or if there is not any expressed consent, in case one of the the situations below is present, QNB Finansbank can transfer the personal data to the foreign countries which have The Sufficient Protection or A Data Supervisor Undertaking the Sufficient Protection:

  • If there is a clear regulation regarding the transferring of the personal data,
  • If it is obligatory for the life of the Personal Data Owner/Relevant Person or someone else or the protection of the body integrity and if the Personal Data Owner/Relevant Person is unable to explain his/her consent due to occupational impossibility or his/her consent is not legally validated;
  • If it is necessary for the personal data belonging to the parties of the contract to be processed provided that it is directly related to drawing up or fulfillment a contract,
  • If the personal data transferring is obligatory for QNB Finansbank to fulfill its legal liability,
  • If the personal data is declared by the personal data owner,
  • If the personal data transferring is obligatory for establishment, usage or protection of a right,
  • Provided that fundamental rights and freedoms of the personal data owner are not damaged, if the personal data transferring is obligatory for the legal interest of QNB Finansbank.

Transferring Purposes

Personal Data, which is processed by QNB Finansbank,is transferred limited with the purposes of planning and carrying out strategies, procurement of legal, commercial and physical security of QNB Finansbank to the entities and institutions that are working with the Bank (support service, independent auditing,rating, consultancy, service, purchasing, cooperation, solution partnerships etc.) with the purpose of fulfillment of the contract, providing corporate operation, conducting works to benefit customers from the products and services offered in the best way; making the products and services specialized according to the requests, needs and claims of the customers, developing the services offered on the website, planning and implementing our human resources policies in the best way, contacting those who directed their requests and complaints to QNB Finansbank and within the scope of the conditions stated in the articles no.8 and 9. Of the Law.

Erasure, Disposal And Anonymization Of Personal Data

Erasure, Disposal And Anonymization Of Personal Data

Provided that provisions in the other laws related to erasure, disposal and anonymization of personal data are kept secret, although the Bank process that in compliance with this Law and other provisions of the Law, it erases, disposes and anonymizes the personal data ex officio and on demand of the Personal Data Owner/Relevant Person and within the frame of the principles in the Personal Data Storage and Disposal Policy if the causes requiring the processing disappear.

Erasure of the Personal Data is the process of making the Personal Data inaccessible and unusable.

Disposal of the data is the process of making Personal Data inaccessible, nonreturnable and unusable.

Anonymization of the data ensures the personal data to be unassociated with any identified or unidentified real person on no condition even if the personal data is matched with other data.

Storage Period Of The Personal Data

QNB Finansbank stores the Personal Data according to the period foreseen in the laws and other legislation. Following the actualization of the Personal Data processing purpose and end of the period in the regulations of the relevant law, Personal data is erased, disposed or anonymized within the frame of the principles in the "Personal Data Storage and Disposal Policy" or on demand of the Personal Data Owner/Relevant Person.

In case the personal data is disposed through these relevant methods, these data can never be reused or restored. Although there are legal interests of QNB Finansbank or the purpose of the processing and the period stated in the relevant laws end, personal data can be stored provided that fundamental rights and freedoms of the Personal Data Owner/Relevant Person are not damaged.

Rights Of The Personal Data Owner / Relevant Person

Every Personal Data Owner/ Relevant Person has the rights stated below.

a) Learning if the Personal Data is processed or not, b) if it is processed, demanding information regarding this, c) Learning the purpose of Personal Data processing and if these are used in compliance with their purposes, ç) Learning the third parties at home and abroad to which the personal data is transferred, d) in case the Personal Data is processed incorrectly, demanding the correction, e) Asking for the erasure or disposal of the Personal Data, f) Demanding the transactions performed as per paragraph (d) and paragraph (e) to be notified to third parties receiving such information, g) Objecting to the result coming out against itself due to the analysis of the Personal Data exclusively with the automatic systems and ğ) Requesting for recovery in case any losses incurred due to illegal processing of Personal Data.

Application Methods Of The Personal Data Owner / Relevant Person

QNB Finansbank concludes the requests regarding the implementation of this Policy and Law as soon as possible and at least within 30 days based on the request stated in the application free of charge. However, in case the transaction requires extra cost, below amounts determined by the Board might be collected. Should the application is occurs as a mistake by QNB Finansbank, the amount charged is reimbursed to the Personal Data Owner/Relevant Person.

Method of application

Personal Data Owner/Relevant Person can send requests by applying personally to QNB Finansbank branches in written along with the documents proving his/her identity (identity card, driving license, passport, etc.) within the scope of the rights projected in the 11th article of the Law, he/she can also send such request to the Head Office by means of notary public, he/she can apply to qnbfinansbank@hs05.kep.tr address via secure electronic signature or send such request to kvkk_bilgi@qnbfinansbank.com address by using his/her e-mail which is previously notified to the Bank or registered in the system.

These applications shall be accepted after your identity is confirmed by QNB Finansbank and you shall be informed in written or via electronic media within the legal durations.

In written application, the submission date of the document ot QNB Finansbank is deemed as the application date.

In the case of applications submitted in other methods, the date of receipt by QNB Finansbank is taken as the application date.

Response to application

QNB Finansbank is obliged to take all administrative and technical measures in order to effectively finalize each application, to be submitted by Personal Data Owner/Relevant Person, in compliance with the law and the code of good faith.

QNB Finansbank either accepts the application ot declines by stating the reasons. QNB Finansbank sends the response to Personal Data Owner/Relevant Person in written or via e-mail.

If the demand by Personal Data Owner/Relevant Person is accepted, QNB Finansbank fulfills the liabilities arising from the demand and provides the Personal Data Owner/Relevant Person with information.

Salary

If the response is to be given to Personal Data Owner/Relevant Person in written, pages up to ten are not charged. For each page exceeding ten pages, transaction cost is charged as 1 TL.

If the response is given in a recorded media such as CD, USB, etc., the cost to be demanded by the incumbent cannot exceed the overall cost of the media.

Cases That The Law Will Be Implemented Partly Or As A Whole

The Law and Provisions of this Policy will not be implemented in the cases below:

  • Personal data is processed within the scope of the activities related to himself/herself or his/her family members living in the same house provided that they are not given to the third parties and the liabilities for the data security are followed.
  • Personal data is processed with the purposes of research, planning and statistic provided that they are anonymized with the official statistic.
  • Personal data is processed with the art, historical, literature or scientific purposes provided that they don't violate national defense, national security, public security, public order, economic security, privacy or personal rights or they don't constitute a crime.
  • Personal data is processed within the scope of preventive, protective and informative activities which are carried out by the state institutions and organizations authorized and assigned intended for ensuring the national defense, national security, public security, public order or economic security.
  • Personal data is processed by judicial authorities or execution authorities related to inquiry, prosecution, judgment or execution transactions.

Article no.10 of the Law which regulates the liability to inform provided that it is proportional and in compliance with the purpose and the main principles of the Law, except for the right of demanding the recovery of loss, article no.11 which regulates the rights of the relevant person and the article no. 16 which regulates the liability to registry of Data Supervisors Registry will not be implemented in the conditions below:

  • Personal Data processing is necessary for prevention of crime or criminal investigation.
  • Processing of the personal data which is declared by the relevant person.
  • Personal Data processing is necessary for carrying out of the auditing and regulation tasks by the authorized state institutions and organizations and professional organizations qualified as public institutions and for inquiry or prosecution.
  • Personal data processing is necessary for protection of the economic interests of the Government related to the budget, tax and economic subjects.

Establishing And Management Of The Data Processing Process

Data processing process, which is carried out within the frame of banking activities, is subjected to the data security principles within the scope of the Communiqué on the Principles to Be Taken as Basis for Management of Information Systems in Banks which have the Banking Law numbered 5411 and sub-regulations by the Bank.

Relevantly, it is forbidden for any employee in QNB Finansbank to access, process or use these data without authorization.

Processing of such information by any employee who is not authorized within the scope of the legal duties of QNB Finansbank is deemed to be unauthorized transaction.

Employees of QNB Finansbank can only have access to the data within the frame of the kind and scope of his mentioned assignments properly. Roles and responsibilities are detailed as separated according to the principle on segregation of duties.

Misusing of the personal data for special or commercial purposes, sharing such data with unauthorized people or making them accessible by employees of QNB Finansbank are forbidden.

Implementation And Control Of The Policy

QNB Finansbank carries out the data processing activity in compliance with the regulations of the Law and approaches to Protection and Process of the Personal Data Policy as a part of corporate management. Besides, it takes all the required administrative and technical precautions to bring into force the Policy and Procedures it published referring to the Law.

Data processing activities carried out by QNB Finansbank are checked regularly by the authorized persons working in the relevant units of the Bank and subject to auditing.

 

Letter Of Inform On Protection And Processing Of Personal Data

DEAR CUSTOMER, WE WOULD LIKE TO INFORM YOU REGARDING THE CODE OF PERSONAL DATA PROTECTION

According to the provisions of the Code of Personal Data Protection numbered 6698 ("Code"), all kinds of information including your sensitive data which enables to determine and ascertain your identity, shall be processed as Personal Data within following scope, by QNB Finansbank A.Ş. ("QNB Finansbank"), in the capacity of Data Controller. And, "Processing of Your Personal Data" means all kinds of transactions performed on the data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use.

We would like to indicate that, as QNB Finansbank, we place utmost importance on the security of your personal data and we maintain our activities being conscious that the security of your personal data is at the forefront in all our products and services we offer you.

It is our basic principle that your personal data shall be used for your banking transactions, that the confidentiality of your private life and your fundamental rights and freedoms, shall be protected.

Purposes and legal reasons of processing your Personal Data:

These purpose and reasons may be set forth as to utilize in all kinds of products and services to be offered to you within the scope of the Banking Law no.5411 and related laws and regulations; to record your identity details, address, your phone number, all your information relating to your accounts with QNB Finansbank, your tax number, your biometric and health data and your other information which are considered as personal data within the scope of the Code, in order to perform our banking activities and in this context, to determine the beneficiary and addressee of all kinds of acts and transactions; to arrange the information and documents which shall constitute basis for acts and transactions to be performed on paper or in electronic environment; to comply with the obligations of keeping information, reporting and providing information, as required by all competent judicial and administrative authorities (courts, TBB-Banks Association of Turkey, BDDK-Banking Regulation and Supervision Agency, SPK-Capital Markets Board, TCMB-Central Bank of the Republic of Turkey, MASAK-Financial Crimes Investigation Board, GİB-Revenue Administration) according to related laws and regulations; to perform our banking activities within the scope of the Banking Law no.5411; to be able to offer other products and services which are offered by QNB Finansbank or which are demanded; to fulfill the obligations under the Agreement signed with you; to realize our legitimate targets such as providing security or preventing crime.

Transfer of your Personal Data:

For the purposes specified above briefly, your personal data held with QNB Finansbank is safely stored and not disclosed to third parties excluded from the legal restrictions. QNB Finansbank may transfer your personal data due to legal requirements and within the framework of legal restrictions, to persons, authorities and/or institutions required/permitted under the provisions of the Banking Law no.5411 and other laws and other related rules and regulations; including but not limited to the financial institutions specified in the 4th paragraph of article 73 of the Banking Law no.5411 and other 3rd persons, public institutions, authorities authorized to receive personal data such as BDDK (Banking Regulation and Supervision Agency), SPK (Capital Markets Board), TCMB (Central bank of the Republic of Turkey), GİB (Revenue Administration), SGK (Social Security Institution), MASAK (Financial Crimes Investigation Board), BKM (Interbank Card Centre), KKB (Credit Bureau of Turkey), FİNDEKS (Internet Branch of the Credit Bureau of Turkey), our main shareholder and its subsidiaries, our subsidiaries in Turkey/abroad companies in cooperation with which activities are conducted in the capacity of intermediary/agent, third parties from which services are received in order to maintain our banking activities, institutions, corporations, local/foreign banks, funds with which we cooperate, which are our program partners, institutions which we collaborate, local/foreign/international institutions from which we receive services/support/consultancy or which are our project/program/financing partners and institutions from which independent audit and support services are received.

Method of collecting your Personal Data:

Your personal data are collected by all agreements/information forms and other documents relating to banking transactions, issued by your consent and/or signature according to the Banking Law no.5411 and other related laws and regulations; by declarations which you shall make by your electronic consent and/or signature; through channels such as the Head Office, Regional Offices, Branches, ATMs, Internet Banking, Call Center, Kiosks; by various methods verbally, in writing or completely or partially automatic provided that they are in electronic environment or which are not automatic as a part of any data recording system, which may also be obtained from sources out of QNB Finansbank including our subsidiaries in Turkey/abroad, program partner institutions and corporations which we cooperate, official institutions, local/foreign banks and other 3rd persons.

Your rights according to article11 of the Code:

By apply to QNB Finansbank, you shall have the right to I) to be informed whether your personal data is processed or not, II) request information as to processing if it is processed, III) learn the purpose of processing of the personal data and whether data are used in accordance with their purpose or not IV) know the third parties in the country or abroad to whom personal data have been transferred; V) request rectification in case personal data are processed incompletely or inaccurately VI) request deletion or destruction of personal data within the framework of the conditions set forth under 7th article of the Code, VII) request notification of the operations made as per indents (d) and (e) to third parties to whom personal data have been transferred VIII) objecting to occurrence of any result coming out against itself due to the analysis of the Personal Data exclusively with the automatic systems, IX) request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.

Data Controller which you apply to within the scope of the Law:

You can send your request by applying personally to our branches in written by bringing the documents proving your identity (identity card, driving license, passport, etc.) to exercise your above-mentioned right as per Code, you can also send such request to our Head Office by means of notary public, you can apply to qnbfinansbank@hs05.kep.tr address via secure electronic signature or send such request to kvkk_bilgi@qnbfinansbank.com address by using your e-mail which is previously notified to our Bank or registered in our system.

These applications shall be accepted after your identity is confirmed and you shall be informed in written or via electronic media within the legal durations

Trade registry number: 237525 Central Registration Number: 0388-0023-3340-0576 Trade name: QNB Finansbank A.S. Head Office Address: Esentepe Mahallesi, Büyükdere Caddesi, Kristal Kule Binasi, No:215, Sisli, Istanbul/TURKEY Web: www.qnbfinansbank.com Telephone Banking: 0850 222 0 900

Did the information on this page help you?