Protection of Personal Data

1. This information aims to inform natural persons about the personal data processing activities carried out by Destekbank in accordance with the Law on the Protection of Personal Data (Law) and other relevant legislation. The details of the Bank's personal data processing policy can be found under the heading 'Protection of Personal Data'.

2. Destek Yatırım Bankası A.Ş.
3. Mersis Number: 293101607500001

4.    Personal data refers to any information belonging to an identified or identifiable natural person. 

5.    Pursuant to the Law No. 6698 on the Protection of Personal Data ("Law") published in the Official Gazette dated April 7, 2016 and numbered 29677 in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, and to determine the obligations of real and legal persons who process personal data, personal data may be processed without consent in the cases listed in the Law, and by obtaining the consent of individuals outside of these cases.

6. In the presence of any of the following situations, consent is not required for the processing of personal data.

• •    Explicitly stipulated in the law
  •    It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, or of another person
• •    Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract.
• •    It is mandatory for the data controller to fulfill its legal obligation
• •    It has been made public by the person concerned
• •    Data processing is mandatory for the establishment, exercise or protection of a right.

•    Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. 

• On the other hand, the Bank processes sensitive data in a very limited manner. Sensitive data other than health data can only be processed without consent in cases arising from the law, and in other cases, it can be processed after obtaining consent from the data subject. Health data, on the other hand, can be processed with the consent of the data subject, except for the cases listed in the Law.

Within the framework of the regulations made by the KVKK, personal data are categorized and classified within certain specific frameworks. These data categories have also been taken into consideration in terms of the personal data specified in the continuation of this clarification text. The data categories specified below as special categories of data are processed by the Bank without your consent within the framework of the principles and rules listed in the Law, if there is a valid legal basis in accordance with the Law.

Identity Information: Information that serves to identify a natural person, such as the person's name, surname, mother's and father's name, place and date of birth, marital status, information on the identity document.

Contact Information: Information about the person's home, work and other addresses, e-mail address, registered electronic mail address (REM), telephone number, fax number, contact preference, etc. that can be used to communicate with real persons.

Personnel Information: This refers to information such as payroll information, disciplinary investigation, employment records, property declaration information, CV information, performance evaluation reports.

Legal Transaction Information: Correspondence made by our Bank with judicial authorities, information kept in lawsuit/investigation files (including mediation procedures), information contained in prosecution/investigation/investigation letters sent to our Bank by official institutions.

Customer Transaction Information: Includes information such as call center records, invoice, promissory note, check information, information on transaction receipts, information on applications and requests for products and services offered by the Bank; evaluation results of these applications and requests, account and all other transaction records.

Physical Space Security Information: Entry and exit registration information of employees and visitors, security camera records, etc.

Transaction Security Information: Data intended to ensure the transaction security of the Bank and its customers in the products and services offered by the Bank, such as IP address information, website login and exit information, password and password information.

Risk Management Information: Data processed for the purpose of managing the risks faced by the Bank (such as technical risks, commercial risks, risks specific to banking activities).

Finance Information: Balance sheet information, financial performance information, credit and risk information, asset information, creditworthiness information, legal and administrative follow-up status.

Professional Experience Information: Diploma information, educational status, courses attended, on-the-job training information, certificates, transcript information, work experience information and information on previous organizations and title levels, areas of specialization, foreign language knowledge, etc.

Audio and Visual Recordings: Information on audio-visual recordings of phone calls, video calls or meetings between the Bank and data subjects.

Health Information: Information on disability status, blood type information, personal health information, device and prosthesis information, etc. It is sensitive personal data and can only be processed with your explicit consent.

Criminal Conviction and Security Measures: Information on criminal conviction, criminal record, information on security measures, etc. It is a special category of personal data and can only be processed with your explicit consent, except for the cases listed in the laws.

Biometric Data: Data that enables us to recognize the person based on biometric elements such as palm information, fingerprint information, retinal scan information, facial recognition information. It is a special category of personal data and can only be processed with your explicit consent, except for the cases listed in the laws.

7. The purposes of processing personal data processed by our Bank, the legal grounds for processing within the framework of these purposes and the issues regarding the transfer of data to third parties are explained on the basis of categories of persons in the continuation of the clarification text. You can access more detailed information from the relevant heading of the disclosure text by determining which category of person you fall into according to the content of your relationship with our Bank.

8. On the other hand, if persons who wish to benefit from the rights provided to disabled persons in the products and services offered by our Bank notify their status to our Bank, their disability status must be recorded due to legal regulations. Therefore, in such a case, regardless of the category of the person, health information regarding the disability status is processed by obtaining consent in order to determine the disability status.

9. Pursuant to the Banking Law No. 5411, partnerships in which you, your spouse, your children and the aforementioned persons are members of the board of directors or general managers, or in which they or a legal entity jointly or individually, directly or indirectly control or participate in with unlimited liability, as well as qualified shareholders, members of the board of directors and general manager, deputy general managers and managers who hold positions equivalent to or higher than them in terms of authority and duties, even if they are employed under other titles, and their spouses and children, Real persons and legal entities that they control directly or indirectly, jointly or individually, directly or indirectly, or in which they are partners with unlimited liability, or in which they are members of the board of directors or general managers, and real persons and legal entities that have bail, guarantee or similar relationships to the extent that the insolvency of one of them will result in the insolvency of one or more of the others constitute a risk group. In addition to these, other real and legal persons and entities to be included in the risk group are determined by the Turkish Banking Regulation and Supervision Agency. In this respect, even if you are not our customer, your personal data may be processed by our Bank in order to determine, monitor, report and control the risk group that you will be included in order to determine the credit limits to be extended to a risk group in order to comply with our legal obligations in accordance with the banking legislation (Law No. 6698, Art. 5/2/ç) and to fulfill the requirements of the banking service contract we are a party to (Law No. 6698, Art. 5/2/c).

10. Except for the data processing purposes detailed separately on the basis of person categories, our Bank may process personal data within the scope of the Banking Law No. 5411 and Capital Markets Law No. 6362, as well as the secondary legislation and other relevant legislation related to these laws, 

to determine the identity of the transaction owner or the real persons who are parties to the subject matter; to prepare all records and documents that will be the basis of the transaction in electronic channels or paper media; to comply with the information retention, reporting and information obligations stipulated by the legislation, BRSA, CMB, CBRT and other authorities for applicants, customers of the bank, guarantors, partners, real beneficiaries or authorized/representatives, visitors of the bank, visitors of the websites offered by the bank and other real persons; to be able to offer the requested / other products, services and campaigns of our bank; to conduct customer, product, service and marketing analyses; to finalize the applications made regarding the products and services of our bank, to ensure that services are received from support service organizations or service providers and to fulfill the requirements of the contracts to be concluded. In the marketing and promotion of products and services, the rules listed in the legislation on sending commercial electronic messages are taken as basis. The data of natural persons who have consented to sending commercial electronic messages within the framework of the said legislation are also processed for marketing and promotion purposes, regardless of the category of person. Persons who have given their consent for sending commercial electronic messages can withdraw their consent at any time.

11. The Bank may collect personal data from different sources, as explained separately for each group of individuals. Some of the data is obtained directly from the data subjects through forms, verbal interviews or documents, while some information is obtained from public institutions or other third parties:

• Public Institutions and Organizations (Address Sharing System and Identity Sharing System etc.)  

• Other Institutions from which Information is Obtained within the Scope of Legislation (Information made available to banks by institutions such as the Credit Bureau and the Risk Center of the Banks Association of Turkey in line with legal regulations) - Business partners of the Bank: Third parties from which the Bank receives services under a contract or with which the Bank has a business partnership while conducting its activities, especially the organizations that provide support services to the Bank

12. Banks are subject to strict rules and controls under the Banking Law on the protection of customer confidentiality. Your personal data is shared only with the persons or organizations permitted by the Banking Law within the framework of the contracts signed. In this context, your personal data can only be shared within the framework of the third and fourth paragraphs of Article 73 of the Banking Law No. 5411, with financial institutions and other third parties listed in the said article; public legal entities such as BRSA, CMB, CBRT; our shareholders, our direct / indirect domestic / foreign affiliates; organizations from which we receive services to carry out our banking activities, organizations that provide valuation, rating and independent audit services to our Bank. Except for the authorizations given in the Banking Law and other relevant laws, sharing your personal data with third parties is only possible with your explicit consent.
 
13. The purposes of data transfer are explained below on the basis of recipient groups:
 
Authorities authorized by law to request bank and customer confidential information: Fulfillment of the bank's legal obligations
Shareholders of the Bank: Preparation of consolidated financial statements, risk management and internal audit activities
Independent Audit Firm of the Bank: Maintaining the Bank's independent audit activities within the scope of the BRSA's regulations on independent audit
Persons and Organizations Providing Services to the Bank within the Scope of Contractual Relationship: Providing products and services to the Bank's existing and potential customers within the framework permitted by the legislation, fulfillment of the Bank's legal or contractual obligations through third parties
Valuation and Rating Institutions: Valuation of the Bank's assets, loans and other receivables within the framework of BRSA regulations and other relevant regulations; Providing data for rating the Bank
Other banks and financial institutions, risk centers or companies to be established by at least five banks/financial institutions: Fulfillment of obligations regarding data sharing with the Risk Center, intelligence sharing

By applying to our Bank within the scope of KVKK, your personal data may be collected by our Bank 
 
a) Find out whether it is being processed,
b) Request information if processed,
c) To learn the purpose of processing and whether they are used in accordance with their purpose,
d) Knowing the 3rd parties to whom it is transferred domestically / abroad,
e) To request correction in case of incomplete or incorrect processing,
f) To request its erasure or destruction under the conditions stipulated in Article 7 of the Law,
g) To request notification of the transactions carried out in accordance with paragraphs (d) and (e) above to the third parties to whom it is transferred,
h) Object to the occurrence of a result to your detriment due to analysis exclusively by automated systems,
i) If you suffer damage due to unlawful processing, you have the right to demand compensation for the damage.
 
To exercise these rights, simply fill out the application form on the link below and send it to the address indicated on the form.