Information On The Protection Of Personal Data Law


1. Objective

Türkiye Vakıflar Bankası Türk Anonim Ortaklığı (''VakıfBank'' or the ''Bank'') aims to process your personal data in accordance with the provisions of, the Personal Data Protection Law No. 6698 (the ''PDPL'') and other legislation.

We hereby inform you that your personal data, which you have provided/ will provide to our Bank due to your use of the services provided by our Bank and/or are obtained by our Bank using any other means,

  • will be recorded, stored, maintained, reorganized, shared with institutions authorized to request such personal data by law, and be transferred, handed over to third-parties home or abroad and classified on the terms and conditions provided for in the PDPL, and may be processed in other ways as provided for in the PDPL and may be subject to other transactions listed in the PDPL, by our Bank, as the ''Data Controller''
  • within the scope of the purpose that requires the processing of your personal data and in connection with, limited and restricted to this purpose
  • by maintaining the accuracy and most up-to-date version of the personal data you have provided or have been provided to our Bank.

2. Collection and Collection Procedure of Personal Data

Our Bank will process your personal data for the purposes set out in this Disclosure Text. If there is any change in the purpose of processing your personal data, you will be asked for permission separately. Your personal data collected and used by our Bank particularly include:

Content of Personal Data
Identity Data Documents such as driver's license, copy of T.R. identity card and passport containing information such as name-surname, identity number, tax identification number, nationality details, mother's name-father's name, place and date of birth, gender, and signature and initial information.
Communication Data Data that can be used for communication purposes, such as phone number, full address details, e-mail address, residence address, business address, account statement mail address, etc.
Financial Data Financial and salary information, monthly income information, debt information, account balance information, payrolls, home-owning status, interest rates, total assets, family income information, EFT/Money order information, foreign exchange transaction information, investment amount, tax office details, term/drawing account information, interest information, credit/credit card limit and balance information and so on financial data.
Special Categories of Personal Data Biometric data;
Health report, blood group;
Devices and prostheses used on driver's license (photocopy of driver's license);
Disability and disablement status;
Blood group and equivalent of religion section on birth certificate.
Legal Transaction Data Personal data processed within the scope of the determination, follow-up of legal claims and rights, the fulfilment of debts and the compliance with our Bank's policies and any file- and debt information regarding enforcement proceedings (such as information in decisions of courts and administrative authorities).
Transaction Security Data Personal data processed in order to ensure our and your technical, administrative, legal and commercial security while carrying out commercial activities (information indicating the transaction, associated with the relevant person, with that person and indicating that the person is authorized to carry out the transaction) (password, IMEI number, verification method, verification code, browser type, user name, fraud method, any other data to be received on the basis of fraud scenarios).
GLocation Data Address details, and details of place of transaction.
Professional Experience Data Organization where the person concerned works, duration of employment, type of insurance, sector of employment, title, level of education, total employment period.
Personnel Data Any personal data processed to obtain information that will be the basis for the formation of personal rights of real persons who have a service relationship with our Bank (identity details included in personal file, job application form, passport photograph, education information, graduation information, copy of diploma, profession, previous employment organization, CV information, individual retirement information).
Physical Space Security Data Personal data regarding the records and documents received during the entrance to and stay in the physical space, and camera recordings and recordings taken at the security point.
Customer Transaction Data HAccount information, bank information, receiving bank information, affiliated regional directorate, cheque information, annual dues information, account statement details, account movements, EFT/Money order information, transaction details, card details and movements, collection information, payment information, pay-off office orders, internet transaction information, branch information, interest usage details, credit usage details, policy information, swift transaction details, virtual POS information, collateral information.
Voice and Camera Recording Data Photo and camera recordings (excluding recordings that are within the scope of Physical Space Security Information), audio recordings (for example, telephone conversation voice recording)
Other Data Parents' name, information about military service, organization of employment, information on year of employment, education information, foreign language information, tax identification number and other tax details, intelligence and financial details, mortgage information, restricted transaction information, appraisal details, information on real-estate office of employment, house information, customer limit, sector, employee and representative information.

Your personal data and any information and documents that are provided by you to our Bank and obtained from third-parties both before and after the establishment of, and during, the service relationship is collected through the Bank's information processing system and camera records kept in all locations owned by the Bank.

Special Situation for the Identification and Evaluation of Risk Groups

Partnerships that you, your spouse, your children directly or indirectly control or participate in with an unlimited liability and to which those listed are a board member or general manager, or that those listed or a legal entity jointly or alone, directly or indirectly control or participate in with an unlimited liability, and partnerships that qualified shareholders, board members and general manager of a bank control jointly or alone, directly or indirectly or participate in with an unlimited liability or to which those listed are a board member or general manager, and real and legal persons with bail, guarantee or similar relationships of such size which any payment difficulty experienced by one of them will result in a payment difficulty for one or more than one of the others are a ''risk group''. Other real and legal entities to be included in the risk group are determined by the T.R. Banking Regulation and Supervision Agency, and your personal data can be processed by our Bank for the purposes of determining, monitoring, reporting and controlling the risk group in which you will be included in order to determine the credit limits to be made available to a risk group according to the banking legislation, even if you are not our customer.

3. Purposes of, and Legal Grounds for, Processing Personal Data

Your Personal Data may be processed by our Bank for the purposes set out below (without limitation).
Your Personal Data (religion information, health data and visual data, which are considered as special categories of personal data, but included in identity documents, can be obtained from the photocopy of identity card and/or driver's license indirectly) is processed for the fulfilment of legal obligations contained in (without limitation) the Personal Data Protection Law, Banking Law, Turkish Code of Obligations, Prevention of Laundering Proceeds of Crime, Law on Bank Cards and Credit Cards, Capital Markets Law, Turkish Commercial Code, Legal Practitioners Act, Turkish Civil Code, Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, Enforcement and Bankruptcy Law and Turkish Central Bank Law, and for the fulfilment of service contract requirements.

  • Carrying out ordinary mail printing processes;
  • Carrying out ATM transactions;
  • Checking fraud activities in banking transactions performed;
  • Carrying out bank insurance transactions;
  • Submission of reports to the Banking Regulation and Supervision Agency;
  • Reporting, recording in our Bank's data system, and evaluation of, the calls to the call centre from which our Bank receives support services;
  • Checking the accuracy of transactions made with other banks;
  • Receiving e-Invoice/E-Archive/E-Ledger usage commitments, preparing customer service protocols for E-Archive Private Integration, E-Ledger Storage, E-Ledger Software, E-Invoice Private Integration, E-Invoice Retention;
  • Carrying out EFT and money order transactions, preventing possible fraud events in EFT and money order transactions;
  • Carrying out bank statement printing processes;
  • Performing cheque transactions;
  • Carrying out charge-back transactions with business partners;
  • Preparing notices for legal follow-up, legal reporting, audits, overdue debts, making reminders about unpaid debts, conducting legal procedures regarding the lawsuits to which our Bank is a party;
  • Carrying out debt restructuring processes;
  • Appointing a responsible person for member merchant, POS device set-up, application entries, printing of account statements, notification of records and turnovers and execution of identification processes;
  • Carrying out letter of guarantee processes;
  • Registering real persons, who have commercial activities, with the system;
  • Making notifications to the Turkish Central Bank and the Risk Centre of Banks Association of Turkey;
  • Identification, filing and execution of letter of credit transactions;
  • Carrying out selling and information processes for products or services offered with business partners;
  • Carrying out money deposits and withdrawals;
  • In order to provide banking, insurance services and financial products, informing customers about special offers and opportunities and sharing them with business partners and our Bank's subsidiaries;
  • Making suspicious transaction reporting;
  • Carrying out printing, money top-up and other processes of prepaid cards;
  • Carrying out processes related to requests, appeals and complaints from customers;
  • Managing customer gold accounts, defining customer cheque integration, performing customer cheque demand transactions, creating account information, conducting intelligence/scoring activities, defining discounts and exemptions, performing bank profitability calculations according to customer transaction rate, conducting efficiency analysis and marketing studies;
  • Carrying out mortgage loan and credit application processes;
  • Preparing credit card application forms, carrying out credit card application processes, performing credit card debt payment transactions, preparing credit card preliminary information forms, preparing credit card contracts, making credit card offers, carrying out credit card limit increase and decrease transactions and managing credit card supplementary card application processes;
  • Making mandatory notifications to the Financial Crimes Investigation Board, Revenue Administration and Ministry of Finance;
  • Carrying out intelligence processes of customers who will obtain loans and carrying out customer evaluations;
  • Carrying out banking transactions through the Internet and mobile branch;
  • Establishing organization collection processes and defining the same to the system;
  • Carrying out banking transactions within the scope of the process carried out with business partners;
  • Carrying out black list and banned customer transactions;
  • Carrying out and following up courier processes;
  • Carrying out salary payment processes of companies cooperated.
  • Your Personal Data will be retained for the period specified in the relevant legislation or for reasonable period of time until the purpose of processing disappears and, in any way, for legal prescription periods.

4. Transfer of Personal Data to Third-Parties

4.1. Transfer of Your Personal Data to Third-Parties Home;

Your Personal Data can be transferred to Borsa Istanbul, call centres from which support services are received, the Small and Medium Industry Development Organisation, Banking Regulation and Supervision Agency, Turkish Central Bank, Revenue Administration, Ministry of Finance, related land registry offices, tax offices, law enforcement authorities, Banks Association of Turkey, resident partners abroad, business partners home, Social Security Institution, Capital Markets Board, BAT Risk Centre, competent judicial authorities, Directorate General of Turkish Grain Board, Turkish Court of Accounts, Ministry of Environment and Urban Planning, Ministry of Finance, İstanbul Altın Rafinerisi A.Ş., Central Registry Agency, Savings Deposit Insurance Fund, Türkiye Hayat Emeklilik A.Ş., Vakıf Pazarlama Sanayi ve Ticaret A.Ş., Vakıf Finansal Kiralama A.Ş., Vakıf Faktoring A.Ş., Türkiye İhracat Kredi Bankası A.Ş., İstanbul Takas ve Saklama Bankası A.Ş., Türkiye Sigorta A.Ş., suppliers from which services are purchased, Retirement and Health Aid Fund Foundation of Türkiye Vakıflar Bankası Türk Anonim Ortaklığı, Vakıf Yatırım Menkul Değerler A.Ş., Vakıf Gayrimenkul Değerleme A.Ş., Private Social Security Services Foundation, VakıfBank International A.Ş., Vakıf Portföy Yönetimi A.Ş., Vakıf Gayrimenkul Yatırım Ortaklığı A.Ş., Vakıf Menkul Kıymet Yatırım Ortaklığı A.Ş., Vakıf Enerji ve Madencilik A.Ş., Taksim Otelcilik A.Ş. and related suppliers and business partners for the fulfilment of legal obligations contained in (without limitation) the Personal Data Protection Law, Banking Law, Turkish Code of Obligations, Prevention of Laundering Proceeds of Crime, Law on Bank Cards and Credit Cards, Capital Markets Law, Turkish Commercial Code, Social Security and General HealthInsurance Law, Enforcement and Bankruptcy Law , Turkish Civil Code, Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, Occupational Health and Safety Law and for the fulfilment of service contract requirements.

In order to fulfil the legal obligations, your Personal Data can be transferred to relevant public authorities particularly for the following purposes:

  • Reporting of banking transaction records;
  • Carrying out EFT, money order and SWIFT transactions;
  • Preventing fraud cases in EFT and money order transactions;
  • Notification of incoming and outgoing EFT, wire transfers and SWIFT transfers;
  • Making compulsory notifications to relevant public institutions;
  • Carrying out mandatory reporting processes.

In order to establish and maintain business partnerships, your Personal Data can be transferred to relevant business partners particularly for the following purposes:

  • Carrying out the Bank's product and service sales, promotion and marketing activities;
  • Making notifications to partner banks;
  • Carrying out joint commercial activities with partner banks;
  • Recording of collection information in the system.

In order for our Bank to procure the necessary goods or services from supplier companies to carry out its commercial activities, your Personal Data can be transferred to relevant suppliers particularly for the following purposes:

  • Receiving consultancy service on subjects that require expertise;
  • Receiving support in product sales processes;
  • Carrying out campaign processes through companies from which support is received;
  • Purchasing goods and services in order to carry out the Bank's internal and external processes.

In order to carry out the commercial activities in which our Bank's subsidiaries and affiliates should be included, your Personal Data can be transferred to the Bank's subsidiaries and affiliates particularly for the following purposes:

  • Obtaining the necessary information from the Bank's subsidiaries;
  • Allowing customers to carry out transactions on certain platforms;
  • Allowing customers to benefit from the services offered by our Bank's subsidiaries and affiliates;
  • Sharing customer evaluations.

4.2. Transfer of Your Personal Data to Third-Parties Abroad;

Your personal data can be transferred to third-parties, business partners and authorized institutions and organizations abroad for the purpose of carrying out the Bank's banking activities.

5. Rights of Data Subjects

In accordance with Article 11 of the PDPL, you can apply to our Bank to make requests regarding your Personal Data regarding the following issues:
a. to find out whether your Personal Data has been processed;
b. if your Personal Data has been processed, to request information related thereto;
c. to find out the purpose of processing of your Personal Data and whether or not your Personal Data is used properly;
d. to receive information about third-parties to whom your Personal Data is transferred home or abroad;
e. in case your Personal Data is processed incompletely or incorrectly, to request for correction of them and for notification of such correction to third-parties to whom your Personal Data is transferred;
f. if the grounds that require processing of your Personal Data have disappeared, to request for deletion, destruction or anonymization of your Personal Data and for notification of such deletion, destruction or anonymization to third-parties to which your Personal Data is transferred;
g. to object to the emergence of any consequence against yourself through the analysis of your Personal Data processed exclusively by means of automated systems;
h. in case of any loss and/or damage due to the unlawful processing of your Personal Data, to claim indemnification for losses and/or damages suffered;
Our Bank will fulfil your requests arising from the PDPL through the "Application Form for Personal Data Subject". In accordance with Article 13 of the PDPL, our Bank will conclude your application requests, free of charge, within 30 (thirty) days at the latest. If your request is refused, the reason(s) of rejection will be notified to you in writing or electronically.
This Disclosure Text may be revised by our Bank when deemed necessary. In case of any revision related to this Disclosure Text, you will be informed accordingly. You can access the recent version of the Disclosure Text at .