Your Feedback Is Important For Us

FİBABANKA A.Ş. INFORMATION REGARDING PROTECTION AND PROCESSING OF PERSONAL DATA

a) Data Controller and Representative

According to the Law no.6698 on Protection of Personal Data (the “Law”), your personal data may be processed by Fibabanka A.Ş., in the capacity of Data Controller, within the scope of explained below. Within the scope of the law, “Data Processing” means all kinds of information made on the data, such as obtaining, recording, keeping, classifying personal data partially or completely, by automatic means or via the ways which are part of any data recording system, and disclosing the personal data to third persons to the extent permitted within the scope of relevant legislation.

Fibabanka takes the security measures at the highest level possible, for the purposes of ensuring that your personal data be collected, kept and shared legally and protecting the confidentiality thereof.

b) For what purposes shall personal data be processed

Your personal data which are collected shall be processed for following purposes (the “Purposes”), within the scope of the personal data processing terms and conditions and purposes set forth in articles 5 and 6 of the Law.

These purposes are;

• Your personal data shall be processed for performing necessary works by related business lines and carrying out the business processes in relation thereto in order to conduct the banking activities carried out to offer all our products and services within the scope of the Banking Law, mainly the deposits, credits, payment services, insurance, private pension and investment services, via all channels including stores, branches, electronic banking.
• For implementation of an agreement which you request to be a party to, before and after entering into relevant agreement, recording the applicants communication details and updating his/her identity data (identity data: name-surname, date and place of birth, identity number, e-mail address, phone number, title, nationality and signature specimen, tax number/social security number), creating all records and documents in written and verbal environments, thereafter conducting the customer relations, providing support services,
• Fulfilling the requests of official authorities and competent institutions, giving information arising from relevant legislation, ensuring legal compliance process,
• Ensuring compliance with the safekeeping periods set forth in relevant legislation,
• Following financial and fiscal transactions, making the risk analyses,
• Determining and implementing the Bank’s commercial and business strategies,
• Following the legal affairs,
• Conducting the information security processes, performing activities relating to audit and ethics,
• Keeping, for the general prescription period, the personal data to be admissible as evidence in disputes likely to occur in the future,
• Your personal data shall be processed for the purposes of accepting, evaluating and finalising your requests and complaints, within the scope of the personal data processing terms and conditions and purposes.

Furthermore, even if you are not our customer, your personal data may be processed, for the purposes (the “Purposes”) of determining, monitoring, reporting and checking the risk group which you shall be included in order to determine the limits of credit which shall be made available to a risk group according to the banking legislation (you, your spouse, your children and, qualified shareholders, members of the board of directors and general manager of a bank or the partnerships, of which aforesaid persons serve as a member of the board of directors or general manager or which are controlled by aforesaid persons or jointly with a legal entity or solely, directly or indirectly or which they participate in with unlimited liability, partnerships which are jointly and individually, directly or indirectly controlled by aforesaid persons or of which aforesaid persons are a partner with unlimited liability or serve as a member of the board of directors or general manager, and real and legal person which have suretyship, guarantee or similar relations to an extent where insolvency of one of them shall result in insolvency of another one or some others among them; constitute risk group.), within the limits of processing the personal data of related persons included in the risk group.

c) Method and Legal Reason of Collecting the Personal Data

Your personal data shall be collected, within the scope of fulfilment of the Purposes defined above, in electronic environment, by filling in the online participation form / communication form / application form, by means of conversations made via the call centre, by conversations made in cases when you contact our Bank, branch by our mobile applications, short message, e-mail or in electronic environment online banking, ATMs, in physical environment, by visits you make to contracted stores, by means of the channels via which you shall contact us on social media.

Your personal data shall be collected and processed by our Bank, for following purposes and legal reasons, based on the terms and conditions for processing personal data, set forth in articles 5 and 6 of the Law.

Provided that it is directly related with concluding or implementing this agreement, based on the legal reason that it is required to process the personal data of the parties to the agreement;

• before and after entering into relevant agreement, recording the applicants communication details and updating his/her identity data (identity data: name-surname, date and place of birth, identity number, e-mail address, phone number, title, nationality and signature specimen, tax number/social security number), creating all records and documents in written and verbal environments, thereafter providing support services,

Based on the legal reason that it is explicitly set forth in the laws and it is required for the Data Controller to fulfil his/her legal obligation;

• Fulfilling the requests of official authorities
• Legal compliance process
• Ensuring compliance with safekeeping obligations set forth in relevant legislation
• Responding to, inquiring the applications of related persons in accordance with the legislation and making necessary transaction.

Provided that the basic rights and freedoms of related person are not impaired, based on the legal reason that processing of personal data is required for legitimate interests of the Data Controller;

• Conducting customer relations,
• Analysing the data relating to credit history and payment behaviour in order to assess credit risk and to evaluate repayment capability of any credit,
• Legal and Commercial risk analyses
• Following financial transactions, conducting fiscal affairs
• Setting and implementing the commercial and business strategies of our Bank
• Following and conducting legal affairs
• Conducting the information security processes
• Performing the activities relating to audit and ethics,

Based on the legal reason that processing of personal data is required for establishing, using or protecting a right;

• Accepting, evaluating and finalising your requests and complaints

Your personal data shall be processed by Fibabanka for the purposes of complying with the regulations relating to keeping them for legally required periods and complying other domestic and foreign legislation; providing you better and reliable services and maintaining this uninterruptedly.

d) To Whom and For What Purposes Can Personal Data Be Disclosed

Being limited to achieving the Purposes specified below; your personal data collected may be processed and disclosed to our business partners which we cooperate within the scope of our legitimate interests, consultants and other technical services providers from whom we receive services within the scope of our legitimate interests, persons, institutions permitted in the Banking Law and the legislation, institutions considered as financial institution and other third persons within the scope of conducting the Banking activities and fulfilling our legal obligations, to public entities such as the BRSA (Banking Regulation and Supervision Agency), CBRT (Central Bank of the Republic of Turkey), ISS (Identity Sharing System), BKM (Interbank card Centre), MASAK (Financial Crimes Investigation Board), GİB (Revenue Administration), CMB (Capital Markets Board) and the BAT (Banks Association of Turkey) Risk Centre and legally authorised public institutions and legally authorised private persons, to the institutions from which we receive support services for the purpose of sharing with relevant administrative and official authorities in order to prevent terrorist financing and money laundering and without being limited to these, to prevent any kinds of illegal acts, to the companies for which we conduct activities of intermediation / in the capacity of agency, for the purpose of ensuring compliance with the obligations of keeping, reporting, providing the information as required by other authorities and providing information regarding the changes and updated in relation to the banking services; conducting enterprise analysis and R&D studies; if you give explicit consent to serve you better, to promote new products and services, to conduct marketing and promotion activities, to offer you special products and services, with our affiliated partnerships, subsidiaries and other third parties, within the scope of your consent, within the framework of the personal data processing terms and conditions and purposes set forth in articles 8 and 9 of the Law.

e) Rights of Related Person Set Forth in Article 11 of the Law

We would like to declare that, as the owner of personal data, you shall have following rights, in accordance with article 11 of the Law:

• If your personal data are processed, requesting information in relation thereto,
• Being informed about the reason of processing your personal data and regarding whether they are used for intended purpose, or not,
• Knowing the third persons, to whom your personal data are disclosed in Turkey or abroad,
• In case your personal data are processed incompletely or incorrectly, requesting correction thereof and requesting that any transaction made in this context, be declared to third persons to whom your personal data are disclosed,
• Although processed in compliance with the provisions of the Law and other relevant laws, in case the reasons which require processing thereof, cease to exist, requesting deletion or destruction of your personal data and requested that any transaction made in this context, be declared to third persons to whom your personal data are disclosed,
• Objecting to any consequence which shall occur to your disadvantage by analysing your processed personal data, exclusively by means of automatic systems,
• If any loss is incurred due to processing of your personal data illegally, requesting indemnification of the loss.

As the personal data owners, if you send your requests relating to your rights set forth in above mentioned article 11 of the Law no.6698, to Fibabanka by methods set forth below, Fibabanka shall finalise the request free of any charge, as soon as possible and at the latest within thirty days, depending on the nature of relevant request. However, if transaction requires a separate cost, fee set forth in the tariff determined by the Personal Data Protection Board, shall be charged by Fibabanka. In this context, as the personal data owners;

You can make your applications to our Bank within the scope of the Law no.6698, by presenting the information certifying your identity, together with your request containing your explanations regarding your right you want to exercise, among the rights set forth in article 11 of the Law no.6698; by filling in the data owner application form available at the address of “https://www.fibabanka.com.tr/docs/default-source/bize-ulasin/kisisel-verilerin-korunmasi-kanunu/kisisel-veri-sahibi-basvuru-formu.pdf?sfvrsn=f9a24760_6” and presenting a signed copy of the form to the branches or to the address “Esentepe Mah. Büyükdere Cad. No:129 -34394 Şişli – İstanbul”, together with the documents certifying your identity, or via the e-mail address of “fibabanka.kisiselveri@hs03.kep.tr”.