Contact Information

DISCLOSURE TEXT ON THE PERSONAL DATA PROTECTION LAW NO. 6698

Türkiye Kalkınma ve Yatırım Bankası Anonim Şirketi (hereinafter Bank) attaches great importance to the protection of your security, and your fundamental rights and freedoms. In this context, we would like to inform you about the “Personal Data Protection Law No. 6698” to ensure the protection of your personal data as well.

With a view to ensuring uninterrupted and secure provision of the Bank’s products and services inside and outside the country, your personal data may need to be gathered, processed, and transferred to third parties, after having been disclosed to the Bank or obtained by the Bank through various channels.

The Bank implements security measures to maintain your privacy during the collection, processing, storage, and where necessary, disclosure of your personal data, in compliance with the law and within the framework of the Personal Data Protection Law No. 6698 and various other regulations.

We hereby inform you that the personal data you have provided/will be providing to utilize the services offered by the Bank, and/or your personal data obtained by the Bank through any external means for the same purpose, shall be saved, stored, kept, revised, and disclosed to agencies legally authorized to demand personal data, and shall also be disclosed and transferred to domestic or international third parties in compliance with the terms stipulated by KVKK, be categorized and processed in various other forms as stipulated in KVKK and be subjected to other procedures again as specified in KVKK. All these procedures shall be performed by the Bank

 

• -acting in its capacity of “Data Controller”;
• -within the framework of the purpose requiring the processing of your personal data, and in connection with, and limited and restricted to such purpose;
• -by maintaining the accuracy and the most current form of the personal data provided by you or obtained via other means.

 

For the purposes of this disclosure text:

a)Personal Data

refers to all kinds of information, including those available in the personnel file.

b)Sensitive Personal Data

refers to information regarding race, ethnic origin, political views, philosophical beliefs, religion, sect or other religious beliefs, attire and clothing, membership in associations, foundations or labor unions, health, sexual life, criminal record, and data regarding security measures, as well as biometric and genetic data.

c)Data Controller

refers to the Bank acting as the Data Controller to collect and process your personal data within the following framework and as per the Personal Data Protection Law No. 6698 (Law No. 6698).

d)Data Processor

refers to the legal or natural persons processing personal data on behalf of the data controller, based on the authorization extended by the data controller.

1.PERSONAL DATA PROCESSING PURPOSES
 

Within the framework of your relationship with the Bank, your personal data is processed for the following purposes.

The purposes specified below can vary with reference to your relationship with the Bank, the products and services you have been utilizing, or the level of authorization regarding the processing of your personal data. Based on your relationship with the Bank, you may review the purposes of processing categorized under the sub-sections, in addition to those specified below.

 

• -Performing our contractual and legal obligations in due and complete form;
• -Ensuring compliance with national and international principles and guidelines, and complying with the information storage, reporting and notification obligations stipulated by the regulations and legal authorities;
• -Executing banking procedures, and carrying out correspondent banking operations;
• -Providing our products and services within the framework of banking, finance, investment and portfolio management, carrying out the orders submitted by you with respect to our products and services, transferring negotiable instruments such as cash, foreign currency, or gold, and performing payment transactions;
• -Providing products and services via internet banking and the mobile app;
• -Carrying out authentication procedures to ensure the security of the customer, the Bank, and data, implementing, registering and reporting checks to prevent money laundering, bribery, fraud, financial crimes and sanctions, and filing suspicious transaction reports;
• -Complying with the requests of authorized institutions and organizations;
• -Performing contract management, implementing legal procedures, and monitoring legal processes;
• -Keeping tabs on financial and accounting procedures, and preparing financial and commercial reports;
• -Carrying out marketing, promotion and gift dispatch procedures and performing market research, sending commercial electronic messages and developing customized products and campaigns provided that you have given relevant permission, implementing general and customized segmentation activities, and identifying and recommending products and services you may be interested in or need in our view;
• -Carrying out customer relations activities;
• -Providing event, conference and activity notifications provided that you have extended permission for such notifications, and sending invites, surveys and updates on current developments;
• -Performing an analysis of how our services are being used by you and developing our products and services accordingly;
• -Ensuring security and the continuity of activities, and performing activity analyses, enhancements, and performance assessments;
• -Implementing social responsibility activities involving the Bank;
• -Planning, monitoring and execution of information security processes;
• -Reviewing and responding to suggestions, requests, and complaints submitted through any channel, applying improvements in response to reports, meeting quality standards applicable to customer services, keeping recordings of the relevant conversations with the call center, and where necessary, performing analyses on such conversations after having been listened to by our authorized departments;
• -Carrying out efficiency and expediency analyses for our commercial operations, and planning and execution of such operations;
• -Managing and registering communications with the Bank;
• -Carrying out reporting and auditing activities;
• -Planning and/or execution of activities regarding the establishment and maintenance and/or release of collateral;
• -Performing credibility assessments, keeping track of and applying controls on credit monitoring and repayment processes;
• -Managing legal, financial, commercial, compliance and reputation risks concerning the Bank, carrying out required procedures to protect our interests in the disputes we are a party to;
• -Performing international cash transfers, processing payment objections regarding the transactions performed abroad via credit cards, carrying out collection procedures regarding foreign checks;
• -Exchanging information with agencies and entities specified under the provisions of the Banking Law No. 5411, as well as banks, potential buyers, or the risk assessment center, preparing consolidated financial statements for main establishments, implementing risk management and internal auditing practices, carrying out valuation activities for the sale of the Bank’s assets including credits and associated securities, carrying out valuation, rating and support services, and overseeing independent audit activities and service procurements;
• -Making banking services available and usable for customers with disabilities.

 

Above are the purposes and conditions applicable for the processing in compliance with Articles 5 and 6 of the Law No. 6698.

Your personal data can also be processed for the abovementioned purposes within the framework of the agreements or following joint operations with legal or natural third parties engaged in business with the Bank.

1.1.Affiliated or Associated Natural Person Representatives, Shareholders and Employees of Legal Person Customers

Your personal data can be obtained to the extent disclosed to us or to the public, by the legal person you are affiliated or associated with, which is one of our customers within the framework of the business and transactions such legal person carries out with the Bank. At times we process such information within the framework of the execution and performance of contracts with the relevant legal persons, and under the risk management activities of the Bank.

1.2.Persons Included in the Risk Group

Article 49 of the Banking Law No. 5411 defines the individuals covered in the risk group. In this context, for natural persons, the person themselves, along with their spouse, children, and companies these persons serve as a board member or general manager, or control directly or indirectly on their own or in combination with a legal person, or take part with unlimited liability, along with qualified shareholders, board members and general managers of banks, and companies these persons serve as a board member or general manager, or control directly or indirectly on their own or in combination, or take part with unlimited liability, and legal and natural persons engaged in sponsorship, guarantee or similar relationships so as to cause insolvency of one or more of them in the case of insolvency of other(s) are considered risk group members. The Banking Regulation and Supervision Board is also authorized to identify other legal and natural persons to be included in the risk group.

The personal data of the persons included in the risk group can be processed for the purposes of fulfilling our legal obligations, including those introduced in banking regulations, identifying risk groups, establishing total credit lines extendable to persons within the same risk group, performing credibility analyses, and managing legal and financial risks concerning the Bank.

1.3.Persons Extending Guarantee or Collateral for the benefit of Product or Service Recipients

The personal data of persons who extend guarantee or collateral for the persons who currently use our products or services is processed to ensure the management of the Bank’s legal and financial risks; implement required procedures for protecting our rights in the disputes involving the Bank; provide our products and services and carry out credibility assessments and to guarantee the collection of the amounts owed to the Bank in case the product or service recipient does not pay their obligations before the Bank, or falls into insolvency.

1.4.Activity/Event Participant

Photo or video shoots can take place during the training courses, seminars, events, invitations and other occasions organized by the Bank. Such visual recordings can be processed to provide visual representations of the events organized by the Bank, so as to facilitate public presentation, information and/or awareness raising efforts, and to implement acts to reinforce the brand value and reputation of the Bank, as well as to add to its advertising and promotion activities.

1.5.Affiliated or Associated Officers/Employees of Suppliers/Business Partners

Your personal data can be obtained to the extent disclosed to us or to the public, by the legal person you are affiliated and/or associated with, which is one of our suppliers/business partners within the framework of the business and transactions such legal person, of whom you are an officer and/or employee, carries out with the Bank. Such information is processed within the framework of the execution and performance of contracts with the relevant legal persons, and under the risk management activities of the Bank.

2.PERSONAL DATA COLLECTION AND METHODOLOGY
 

The Bank shall process your personal data in line with the purposes specified in the present Disclosure Text. In case of any changes to the purpose of processing of your personal data, you will be asked to extend further consent. The personal data collected and used by the Bank includes, among others, the following:

	Contents of Personal Data
Identity Details	Documents such as driver’s license, national ID copy, or passport containing details such as full name, Turkish ID number, tax ID number, nationality, mother’s name, father’s name, place of birth, date of birth, and gender, as well as signature/initials.
Contact Details	Data used for communication purposes such as phone number, full address details, email address, residence address, work address, account statement address.
Financial Data	Financial data such as financial and wage details, monthly income details, debt details, account balance details, payroll slips, home ownership, interest rates applicable, total assets, family income, bank transfer details, foreign currency transaction details, investment amount, tax office details, savings account/drawing account details, interest details, loan/credit card limits and balance details.
Sensitive Personal Data	Biometric data, Medical report, blood type, Devices and prosthetic limbs registered on the driver’s license (photocopy of the driver’s license) Disability status Blood type and religion fields of the national ID
Legal Procedure Data	Personal data processed for the purposes of assessing and monitoring legal receivables and entitlements, performance of obligations and legal requirements, as well as compliance with the Bank’s policies, in addition to file and debt details regarding debt enforcement procedures (information provided on documents such as court and administrative authority rulings).
Process Security Data	Personal data processed to ensure our as well as your technical, administrative, legal and commercial security as we engage in commercial operations (information required to associate the transaction with the relevant person, attesting the authorization of that person for the specified transaction, such as password, IMEI number, verification method, verification code, browser type, username, fraud method, and any other data to be taken into consideration within the framework of fraud scenarios).
Location Data	Address details, details of transaction location.
Professional Experience Data	The organization the person works in, their tenure, social security registration type, line of business, title, education, overall tenure.
Personnel Data	All kinds of personal data processed to generate the information to serve as the basis of personnel rights of natural persons engaged in a service relationship with the Bank (ID details included in the personnel file, job application form, passport photo, education details, graduation details, copy of diploma, profession, previous employer, resume, private pension details).
Physical Space Security Data	Personal data regarding the records and documents, collected at the time of entrance to or during the stay at the physical space; surveillance footage and records taken at security checkpoints.
Customer Transaction Data	Account details, bank details, recipient bank details, relevant regional directorate, check details, annual fee details, account statement details, account movements, bank transfer details, transaction details, card details and movements, collection details, payment details, cash instructions, internet transaction details, branch details, interest accrual details, credit utilization details, policy details, swift transaction details, virtual POS details, collateral details.
Audio and Video Recordings	Photo and video recordings (other than those covered by the Physical Space Security Details section), audio recordings (such as phone conversation recordings).
Other Data	Mother’s name, father’s name, military service obligation details, employer, years of tenure, education details, foreign language proficiency details, tax number and other tax details, intelligence and financial details, mortgage details, transaction prohibition details, survey details, relevant real estate agent details, residential dwelling details, customer limit, industry, employee and agent details.

 

Your personal data can be collected through any kind of information and documents you submit to the Bank or obtained from third parties, the Bank’s information processing system, and surveillance footage, both prior to and during and after the establishment of the service relationship.

3)THE POTENTIAL RECIPIENTS AND PURPOSE OF TRANSFER OF PROCESSED PERSONAL DATA
 

Your personal data can be transferred, subject to the personal data processing terms and purposes stipulated in Law No. 6698, Article 8 regarding the transfer of personal data and Article 9 regarding the overseas transfer of personal data, and within the scope of the restrictions imposed by applicable regulations, including but not limited to the Banking Law, exclusively for the above purposes and the performance of the obligations imposed by applicable regulations, to various authorities such as the Banking Regulation and Supervision Agency, Capital Markets Board, Central Bank of Turkey, Financial Crimes Investigation Board, Risk Center of the Banks Association of Turkey, Small- and Medium-Scale Enterprises Development and Support Department of Turkey, Turkish Ministry of Treasury and Finance, Social Security Agency, Credit Registration Bureau, the Banks Association of Turkey; legally authorized government agencies such as ministries and judicial authorities; local and/or overseas collaborating consultants where permitted by the regulations; local and overseas banks serving as brokers/custodians in the context of security custody requests, settlement agencies, subsidiaries, joint ventures, and all branches and offices thereof; educational institutions and organizations; financial institutions; independent audit firms; banks and any employees, officials and sub-contractors thereof.

4)METHOD AND LEGAL GROUNDS OF PERSONAL DATA COLLECTION
 

Your personal data is collected at the time of establishing and during the term of your legal relationship with the Bank, so as also to cover the written/digital applications submitted with regard to the Bank Headquarters’ website, customer contacts, other agencies and institutions (MERNİS, Risk Center of the Banks Association of Turkey, etc.), and the Bank’s website, with personal data collected through these methods being processed as per Articles 5, 6 and 8 of the Law No. 6698, on the following legal grounds:

• -Presence of explicit consent;
• -Cases explicitly stipulated in the regulations applicable to the Bank;
• -Provided that it is directly related with the execution or performance of a contract, the requirement to process personal data belonging to the parties to the contract so as to provide the required products and services and fulfill the requirements of the contracts you have executed;
• -Being necessary for fulfilling a legal requirement;
• -Data processing being necessary for establishing, exercising, or maintaining a right;
• -The data having been disclosed by the data owner themselves;
• -Data processing being necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not disturbed.

 

In case the personal data is transferred abroad, in addition to compliance with the abovementioned legal grounds, the foreign country to which the personal data is to be transferred should:

• -Provide adequate safeguards
• -In the lack of adequate safeguards, on the other hand, personal data can still be transferred abroad, provided that the Bank and the data controller in the relevant overseas country to which the data will be transferred submit a written commitment to provide adequate protection, and that the Personal Data Protection Board extends approval.

5)PERSONAL DATA OWNER’S RIGHTS STIPULATED IN ARTICLE 11 OF THE LAW NO. 6698

            According to the provision of Article 11 of the Law No. 6698, you have the right to:
            • Learn whether your personal data is processed or not;
            • Request relevant information in case your personal data has been processed;
            • Learn the purpose of processing your personal data and whether it is used in accordance with the intended purpose;
            • Learn the third parties to which your personal data is transferred inside or outside the country;
            • Demand correction in case your personal data is processed incompletely or inaccurately, and demand notification of the third party recipients of your personal data about the procedure carried out;
            • Demand the deletion or destruction of your personal data in case the grounds for processing thereof no longer apply, even if the processing had been compliant with the provisions of the Law No. 6698 and other applicable regulations, and demand notification of the third party recipients of your personal data about the procedure carried out;
            • File an objection should you believe that the results of the analysis of your processed data exclusively through automated systems have led to consequences detrimental to you;
            • Demand restitution in case you suffer damages due to illegal processing of your personal data.
 
            In case you communicate your demands regarding your rights to the Bank, the Bank shall respond to the demand free of charge, as soon as possible, and within a maximum of thirty days depending on the nature of your demand. However, in case the process entails further costs, the Bank shall charge fees as per the tariff set by the Personal Data Protection Board. In this context, you can submit your demands regarding the implementation of the Personal Data Protection Law, by filling out the Personal Data Application Form and delivering it via the following methods:
 

• -Delivery in written form at the General Directorate building located at the address Saray Mahallesi, Dr. Adnan Büyükdeniz Cd No:10, 34768 Ümraniye/Istanbul;
• -Delivery to the address Saray Mahallesi, Dr. Adnan Büyükdeniz Cd. No: 10, 34768 Ümraniye/Istanbul via return-registered mail or through a notary public by affixing the documents to ascertain the identity of the data owner;
• -Email delivery to kvkkbasvuru@kalkinma.com.tr, with secure electronic signature;
• -Delivery via KEP (Registered Electronic Mail) through KEP account to the address kalkinmabankasi.hukuk@hs02.kep.tr.

EXPLICIT CONSENT

UNDER THE PERSONAL DATA PROTECTION LAW

Within the framework of the Disclosure Text under the Personal Data Protection Law, presented to us in compliance with the relevant provisions of the Personal Data Protection Law No. 6698 and

with regard to ID, address, and contact details, as well as any personal data and sensitive personal data, including those used or usable for identification, submitted to “TÜRKİYE KALKINMA VE YATIRIM BANKASI A.Ş.” by me, through verbal/written and/or electronic communication, I hereby accept and declare that I give my explicit consent under the Personal Data Protection Law (KVKK) for the following in light of the applicable regulations and the standards for the protection of personal data, in order for “TÜRKİYE KALKINMA VE YATIRIM BANKASI A.Ş.” to comply with your agreements and orders; perform necessary assessments regarding the service provided; conduct credibility assessments, banking and insurance procedures; prevent laundering of criminal proceeds; guarantee compliance with domestic and international regulations including but not limited to capital markets, tax, social security and consumer rights regulations; perform correspondent banking services at home and abroad; comply with risk monitoring and reporting obligations; adhere to the disclosure, reporting, notification obligations required by the Credit Registry Bureau, Banking Regulation and Supervision Agency, Central Bank of Turkey, Capital Markets Board, Financial Crime Investigation Board, the Banks Association of Turkey, Turkish Ministry of Treasury and Finance, and other authorities; comply with the information and document archiving obligations introduced by the legal legislation; prevent fraud; guarantee security; execute the planning, statistics, and training activities the Bank needs; establish and implement the commercial and business strategies of the Bank; maintain finance, communications, market research, procurement, internal banking system and application management operations; manage our legal procedures; implement social responsibility projects; provide better and reliable services to you in an uninterrupted manner; review the equality of opportunities inside the Bank and treat the personnel on an equal basis; carry out promotion, marketing, advertising and campaign processes for products and services; use thereof in meetings, invitations, seminars and events; perform the Bank’s contractually required legal and commercial obligations within the framework of the agreements or joint activities performed with legal or natural third parties the Bank is doing business with; establish, exercise or protect a right; conduct performance evaluations accurately and objectively; maintain corporate and administrative management functions; provide banking services and engage in the planning of such services:

- Storage, processing, use, or transfer by the Bank and/or data processor appointed by the Bank;
- Bank transferring such data to domestic and international third parties the Bank provides services to or procures services from, as well as to its shareholders, subsidiaries and affiliates, government and private agencies and entities, provided that the required security measures are taken; and such personal data being processed by these third parties, agencies and entities as well;
- Communicating with the relevant party via SMS, phone, internet, email and various other means from within and outside the country for all these purposes; the audio, image and video recordings made and works produced for these purposes being used on the Bank’s corporate website, social media accounts and visual, audio, and print media;
- Personal data being stored, subject to the time frames stipulated by laws, to enable the Bank to perform its legal obligations, and for as long as the time frame stipulated by laws or required for the purpose of data processing, or in cases where the legitimate interests of the Bank require so;
- ID details, address details, contact details and various other personal data being processed, obtained, saved, securely stored on electronic or physical media, kept, modified, revised, disclosed and transferred in accordance with the regulations, taken over, categorized, processed, or protected from further use, in line with the general principles stipulated in Article 4 of the Personal Data Protection Law No. 6698 (“KVKK”) including but not limited to the principle of data storing subject to time frames stipulated by the regulations or required for the purpose of processing; and I further accept and declare that I have been informed by the Company with respect to the issues specified above.

I also accept and declare that I give my explicit consent for the transfer of my personal data by the Company, to Türkiye Kalkınma ve Yatırım Bankası A.Ş. personnel, officials, group companies (Company and/or business partners, shareholders), other government agencies and institutions authorized by law, provided that the purposes specified above are observed; as well as to independent audit firms, business partners and service providers Türkiye Kalkınma ve Yatırım Bankası A.Ş. procures services from or cooperates with, within the framework of legal requirements and restrictions for the purposes of executing its operations.

Furthermore, I am aware of and agree to my rights under the provision of Article 11 of the Law No. 6698, for learning whether my personal data is processed or not; requesting relevant information if my personal data has been processed; inquiring about the purpose of processing my personal data and whether the use of my personal data is in line with the intended purpose; learning the third parties to which my personal data is transferred inside or outside the country; requesting correction in case my personal data has been processed incompletely or incorrectly and requesting the notification of third parties to which my personal data is transferred, about the process carried out; requesting the deletion or destruction of my personal data in case the grounds for processing thereof no longer apply even if the initial processing had been in line with the provisions of the Law No. 6698 and other applicable regulations, and requesting the notification of third parties to which my personal data is transferred, about the process carried out; filing an objection in case I believe that the results of the analysis of my processed personal data exclusively through automated systems lead to consequences detrimental to me; and demanding damages for any losses I may incur as a result of illegal processing of my personal data; and I further know and agree that, in case the relevant procedures cause extra costs, the Bank may charge fees as per the tariff stipulated by the Personal Data Protection Board, and that I can exercise these rights through submitting my request entailing the remarks regarding the right I wish to exercise, along with the information required to identify me

by filling out the Application Form for Personal Data:

• -in written form at the headquarters;
• -via return-registered mail or through a notary public with the addition of documents to ascertain the identity of the data owner;
• -via email signed with secure electronic signature, and sent to kvkkbasvuru@kalkinma.com.tr;
• -via KEP (Registered Electronic Mail) through KEP account, sent to the address kalkinmabankasi.hukuk@hs02.kep.tr.

Moreover, I agree and declare that the personal data I disclosed to the Bank is accurate and current, and that I will notify the Bank about any changes regarding such data.

I agree and declare that I give my explicit consent for the processing of my relevant personal data, including my sensitive personal data as described in KVKK, the use and sharing thereof subject to the specified purpose of processing under the relevant process, as well as the storage for as long as it is required, and that I have been provided with the necessary information regarding this matter and have read and understood this text.

I have read and agree to the KVKK Disclosure Text.