Protection of Personal Data

Protection of Personal Data

Share

Information Notice On The Processing Of Customers’ Personal Data

INFORMATION NOTICE ON THE PROCESSING OF CUSTOMERS’ PERSONAL DATA

As Türk Ekonomi Bankası A.Ş. (the “Bank”), acting with the awareness of responsibility as a bank, we exercise reasonable care and diligence as required to ensure the privacy, confidentiality and security of the personal data processed within the scope of performance of our activities.

This Türk Ekonomi Bankası A.Ş. Information Notice on the Processing of Customers’ Personal Data (the “Information Notice”) has been prepared to inform you within the framework of Article 10 of the Law no. 6698 on Protection of Personal Data (the “Law”) and the Communiqué on Procedures and Principles to be followed for the Fulfilment of the Obligation to Inform.

We act as the data controller while processing your data as our customers with respect to the data processing activities we conduct within the scope of our banking activities. With this Information Notice, we inform you about your personal data processed, our purposes of processing and sharing/transferring your data and our legal reasons constituting the basis for such activities and the retention period of your data.

Which of Your Personal Data Do We Process?

Your data that are listed below are used in the data processing activities conducted by our Bank:

Identification data (For example; your name, surname, date and location of birth, national identity number)
Contact data (For example; your home/office address, e-mail address, your phone/mobile phone number)
Data relating to family situation (For example marital status information)
Data relating to education and professional life (For example; the school that you graduated from, information relating to your workplace)
Economic and financial information (For example; information relating to your income, information relating to your credit history, information relating to banking products that you use)
Marketing data (For example; usage habits, survey results)
Digital platform usage data (For example; Your records obtained via cookie records and similar technologies)
Location data (Information relating to your location)
Data relating to financial transactions at the Bank (For example; credit/debit card expenditure information, account summary)
Data regarding risk management and financial security (For example, the data required for know-your-customer, know-your-supplier, anti-terrorism and anti-fraud purposes)
Data on the Bank’s facilities’ physical security (For example; CCTV records, records regarding visitors)
Data regarding transaction security and the security of the Bank’s cyberspace (For example, user names, passwords, audit trails, logs)
Requests/complaints and reputation management data (the data that you have provided in the requests, claims or complaints forwarded to the Bank)
Legal transaction data (For example requests communicated by judicial authorities)
Visual and audio records (For example; call center conversation records)

Some of your personal data is subject to a higher level of protection; these data are classified as “special categories of personal data” and are listed in the Law. We strive not to process your personal data of special categories in the activities conducted by our Bank. However, in some cases, we may process your sensitive data for example, your religion and blood type information obtained within the scope of mandatory ID card photocopying; If you choose to use a voice signature or fingerprint for authentication in mobile application or call center channels, give your biometric data; information about your conviction within the scope of our legal obligations; If you request to pay association or union membership fees/subscriptions, your special data showing that you are a member of these institutions; information about your disability, which is necessary for the performance of our service obligations towards our disabled customers; such as information about your health that you transmit in order to carry out your insurance transactions as an insurance agent.

During the processes where it is obligatory to have a photocopy of your ID card, the Bank does not process and add blood type and religion information stated in the ID card in the system. It is included in the system only because of the copy of the identity document. We diligently carry out the necessary technical work to delete this information in our systems.

Why Do We Process or Transfer Your Personal Data?

Your personal data is processed and transferred by the Bank for the purposes of carrying out required operations in order to sustain commercial activities of the Bank, leveraging reputation and business relations of the Bank as well as determination of its strategies, management of marketing activities of the Bank, ensuring legal and physical security of the Bank to allow the Bank’s customers to benefit from the banking services.

Following purposes may be considered as samples to the mentioned main purposes: maintaining credit extension processes, carrying out sales process for banking services, carrying out insurance, private pension and investment services, carrying out activities oriented to customer satisfaction, carrying out necessary marketing activities providing that the customers benefit from the products and services of Bank, management of complaints, management of events, forming business processes of the Bank, management of information security, setting up and management of information technologies infrastructure, management of financial security processes (Such as Know Your Customer, Anti-Money Laundering, Anti-Fraud and combating with other unlawful transactions), carrying out audit activities, litigation and execution processes. You may find detailed information relating to these purposes by clicking here.

For Which Legal Reasons Do We Process Your Personal Data?

Under articles 5 and 6 of the Law, your personal data are processed by the Bank under the following circumstances:

In cases where your explicit consent is obtained
To exercise or fulfil our rights or obligations specified in the laws or regulations, communiques, decisions of administrative authorities and any other secondary legislation;
In cases requiring data processing, providing that it is directly related with the conclusion or implementation of the agreement that you have signed with our Bank;
In cases where data processing is required for the establishment, exercise or protection of a right.
In cases where it is mandatory for the legitimate interests of the Bank, provided that this processing shall not violate your fundamental rights and freedoms

In addition, your personal data of special categories are processed only if you have given your explicit consent or if it is explicitly stipulated in the laws that the Bank is subject to.

For Which Legal Reasons Do We Transfer Your Personal Data to Third Parties?

We share your personal data with the legally authorized public agencies or private institutions such as the BRSA(Banking Regulation and Supervision Agency), CMB (Capital Markets Board of Turkey), Turkish Financial Crimes Investigation Board (MASAK), the Central Bank of Republic of Turkey, etc.; the Bank’s direct or indirect subsidiaries and shareholders at home and abroad, support service providers, business partners, consultants, suppliers, Mastercard, Visa and the legally authorized public legal entities, private persons or judicial authorities under the following circumstances:

In cases where your explicit consent is obtained
To exercise or fulfil our rights or obligations specified in the laws or regulations, communiques, decisions of administrative authorities and any other secondary legislation;
In cases requiring data processing, providing that it is directly related with the establishment or performance of the agreement that you have signed with our Bank;
In cases where data processing is required for the establishment, exercise or protection of a right.
In cases where it is mandatory for the legitimate interests of the Bank, provided that this processing shall not violate your fundamental rights and freedoms

In addition, your special categories of personal data may be transferred only if your explicit consent is obtained or such processing is explicitly envisaged in laws that our Bank subject to.

The transfer of your personal data to abroad is subject to your explicit consent. However, in cases where at least one of the legal reasons for data processing as listed above exists, the party that the data will be transferred to and our Bank take the measures specified in the legislation, and the transfer is approved by the Personal Data Protection Authority, we transfer your data to abroad, providing to be limited with the relevant legal reason.

How and in Which Mediums Do We Collect your Personal Data?

Principally we collect your personal data from 3 different sources in physical or electronic environments: (i) data obtained as per your declaration, (ii) data obtained as a result of your usage of our Bank’s services and products or (iii) data obtained from authorized organizations and institutions.

Within this scope your personal data is collected from our Bank’s Head Office, branches, ATM, internet banking and mobile banking channels, the Bank’s web sites, call center or the Bank’s other contact channels through phone, channels where active sales activities are carried out, face-to-face customer meetings, self-service units with assistant support, CCTV, SMS, e-mails, cookies and similar tracking technologies, subsidiaries and sales offices, unions and associations such as chambers of commerce and artisans, fax, mail, cargo or courier services and from databases (Identity Sharing System, Risk Center of Banks Association of Turkey, Central Civil Registration System etc.) of the institutions and organizations providing support services or having business partnerships to the extent permitted by laws and arrangement, within those limitations and via obtaining your approval if it is required by law.

For How Long Do We Process or Retain Your Personal Data?

We process your personal data during the effective term of the agreement signed by and in effect between you and our Bank.

Following the expiry of this period, we continue to process or store the relevant data if there is any legal provision allowing us to process the relevant data for a longer period, including, the Banking Law in particular, or if there exists any of the legal reasons for such data processing. At the end of these periods, we will immediately delete, destroy or anonymize your personal data.

What Kind of Measures Do We Take to Protect Your Personal Data?

The Bank takes various measures to ensure the security of your personal data. We can classify these measures as organizational measures and technical measures. Organizational measures refer to the measures related to the organization such as employee trainings, access rights restrictions, etc. Technical measures refer to the measures taken relating to our Bank’s systems.

What are Your Rights About Your Personal Data?

Under article 11 of the Law, you have the following rights regarding your personal data:

To learn whether your personal data is processed or not;
If any personal data have been processed, to request information about such processing;
To learn the purpose of processing of personal data and whether your personal data are used for intended purposes or not;
To know the third parties to whom the personal data are transferred at home or abroad;
To request the rectification of the incomplete or inaccurate data, if any;
To request for erasure or destruction of your personal data;
To request for notification of the relevant actions to the third parties to whom personal data are transferred in case of correction, erasure or destruction of personal data;
To object to unfavourable consequences arising against the related person through analysis of the processed data exclusively via automated systems;
To request for compensation of any loss or damages incurred due to unlawful processing of personal data.

As the Bank, we take all the necessary organizational and technical measures in line with the requirements of the legislation to ensure that you can easily exercise your rights granted by the Law to you, i.e. the data subjects.

You can exercise your rights mentioned above by completing the application form that you can obtain from the Bank’s website (published on the link) or our Bank’s branches and forwarding it to our Bank through the following methods:

Form must be filled completely and:

May be delivered by hand and in writing to our Branches,
May be sent to our Bank address via registered mail with return receipt or notary public,
May be sent via an e-mail message to kvkkbasvuru@teb.com.tr with a secure electronic
signature,
May be sent through a Registered E-Mail (KEP) account via KEP to turkekonomibankasi@hs03.kep.tr.

In addition, you can send your petition in written stating your requests clearly to our branches or via your e-mail address that you have previously notified to our bank and registered in our systems, or by another method included in the Communiqué on Application Procedures and Principles to the Data Controller published by the Data Protection Authority (KVKK).

Our bank shall conclude your requests regarding your rights listed above as soon as possible and within thirty days at the latest after the transmission date. You may be charged a fee based on the tariffs published by the Personal Data Protection Authority.

Additional information and documentation may be requested by our bank in order to verify your identity as well as to clarify your demand for the purpose of responding to submitted applications. In case of failure to provide such information and documentation, your application may not be responded in order to secure your data.

For further information on the processing of personal data by the Bank, please refer to TEB A.Ş. Personal Data Processing and Protection Policy provided on this link.

Updated on 28 April 2020

Data Protection Notice On Processing Of Personal Data For Customer Acquisition And Account Opening/Usage

DATA PROTECTION NOTICE ON PROCESSING OF PERSONAL DATA FOR CUSTOMER ACQUISITION AND ACCOUNT OPENING/USAGE

1. Purpose and Scope

We, Türk Ekonomi Bankası A.Ş. (“TEB”), are acting as data controller for data processing activities subject to this Data Protection Notice on Processing of Personal Data for Customer Acquisition and Account Opening/Usage (“Data Protection Notice”) as per the Law on Personal Data Protection numbered 6698 and the relevant regulations (“Data Protection Regulation”). As having responsibilities as a bank, we do exercise outmost care and diligence for the lawful processing of your personal data in line with the principles of the Data Protection Regulation and other regulations, to preserve its confidentiality and security.

This Data Protection Notice has been prepared in order to inform you by TEB on collection methods, legal reasons for personal data processing and purpose thereof, persons/institutions to whom personal data are been transferred and purpose of transfer and your rights as data subject as per Data Protection Regulation.

You may find relevant information from the below table regarding our bank processing your personal data.

Trade Name:	Türk Ekonomi Bankası A.Ş.
Address:	TEB Kampüs C ve D Blok Saray Mah. Sokullu Cad. No: 7A-7B Ümraniye/İSTANBUL
Mersis Number:	0876004342000105
Trade Registry Number:	189356
Communication channels:	Communication Channels under https://www.teb.com.tr/contact-us/

You might access the data protection notice on the main activities of our bank from https://www.teb.com.tr/pdp

2. Categories of Processed Personal Data

Personal data categories processed by TEB as data controller and examples of the personal data belonging to these categories are listed in the below table.

Categories of Processed Personal Data	Examples of Personal Data
Identity Data	Name surname, names of the mother-father, date of birth, birthplace, data in the identity documents, ID number/passport number/tax number
Contact Data	Home/work address, address number, e-mail, telephone number
Data on Family and Relatives	Civil status, information on family and relatives such as number of children
Data on Education, Work and Professional Life	Profession, work experience, current work, education
Economic and Financial Data	Information on income and assets, credit records, information on tax payments, data on financial products and services
Customers’ Financial Transaction Data	Transactions and details relating to financial products and services, credit card usage information, bank card usage information, credit/deposit/FX account transactions, information on check/ bonds, bank receipt information, payment instructions
Card Payment Data	Credit card/bank card number, expiry date, security code
Digital Activity Data	Data collected by the usage of cookies and similar track methods such as IP address, information on the device
Data on Transaction Security and Cyber Security of the Institution	Username, password, audit trail record, log records, alerts on the prevention of fraud, other data on the security of the bank’s cyber space
Data on Risk Management and Financial Security	Know your customer, information that might be used for the prevention of terrorism, prevention of fraud and risk management (work/field of activity, source of income, credit risk score, credit and risk information)
Audio and Visual Records	Call Centre/telephone records, video chat records, photo and video records
Reference Identifiers	Reference information allowing the Bank/Institution to identify the customer (customer number, product application number, transaction number, agreement number)
Data on Request/Complaint and Reputation Management	Request and complaints made through various channels, responses of the Bank to the requests and complaints, information used by the bank for reputation management
Legal Transaction Data	Information on Litigation, legal follow-up and mediation cases, demands submitted from legal authorities and Responses of the Bank/Institution to such requests.
Data on Facilities Physical Security	Entry- exit information of the visitors, camera records
Location Data	Location Data of the data subject
Marketing Data	Financial product and service usage habits, previous shopping and financial transaction information, areas of interest and preferences that might be relevant for financial product and service offers, survey results conducted for marketing purposes, information on campaign participation and preferences
Processed Special Category of Personal Data	Examples of Special Category of Personal Data
Data on Criminal Convictions and Security Measures	Information on criminal record and conviction, protection measures

The special category of personal data declared to be processed as per the above table is subject to a strict protection regime due to its sensitive nature and classified as special category of personal data. As TEB we make our best effort not to process your special categories of personal data during the data processing unless it is required and necessary. In this regard, only Criminal Convictions and Security Measures data which is one of the special categories of personal data might be processed in case you are involved in the relevant processes. The management of financial security processes (money laundering of the crime revenues, terrorism financing, corruption, bribery, prevention of fraud) might be given as an example of the activities where criminal convictions and security measure data might be processed.

3. Personal Data Collection Methods

Your personal data might be collected directly from you, or third parties as explained in below with automatic or non-automatic methods.

(i) Methods of Collecting the Personal Data Directly From You

Information or documents containing your personal data might be collected through oral or written conversations made face to face with the TEB head quarter, branch, direct and active sale teams or through electronic communication tools (telephone/call centre, SMS, fax, e-mail, video call etc.) or with non-automatic methods using post, cargo, or courier services.
Information or documents containing your personal data might be collected automatically from mobile banking channels, website of our bank, ATMs, kiosk, turbo devices, self-service units with assistance support, call centre and branch IVR system, SMA, CCTV.

(ii) Methods of Collecting the Personal Data From Third Parties

Information or documents containing your personal data might be collected by non-automatic means using physical or electronic channels from business partner distributors or sale offices, e-commerce websites, association, institution or private persons such as chamber of commerce, chamber of artisans, trade associations, judicial authorities and public and private institutions authorised by law such as Banking Regulation and Supervision Agency, representatives such as power of attorneys, guardian, custodians to the extent permitted by law and the executed agreements.
Information or documents containing your personal data might be automatically collected from the authorised public and private institutions database (Identity Sharing System, Address Sharing System, Central Population Administration System, Central Registration System, Land Registry and Cadastre Information System, Risk Centre of the Bank’s Association of Turkey, Trade Registry Offices, Turkish Revenue Administration, Interbank Card Centre, Ministry of Treasury and Finance, General Directorate of Highways and person and institutions issuing invoices, to whom you have contact for your payments and collections etc.) provided that there is a system integration and to the extent permitted by law and the executed agreements.

4.Purposes of Processing Personal Data and Legal Reasons

Your personal data processed by TEB and categorised in the list above might be processed for the purposes and legal reasons stated in the below table.

Categories of Processed Personal Data	Purpose of Process	Legal Reason
Identity Data Contact Data Economic and Financial Data Digital Activity Data Audio and Visual Records Legal Transaction Data Data on Transaction Security and Cyber Security of the Institution Card Payment Data Reference Identifiers Customers’ Financial Transaction Data Data on Request/Complaint and Reputation Management Data on Family and Relatives Data on Education, Work and Professional Life Data on Risk Management and Financial Security	Informing authorised public and private institutions as per the applicable laws and regulations	Data processing is explicitly provided for by the law (Article 5.2 (a) of the Data Protection Law)

	Ensuring the physical security of the Bank/Institution
	Setting up the required actions to conduct lawfully the Bank’s/Institution’s activities
	Relationship management of support service providers, business partners or suppliers
	Conducting processes related to payment services
	Ensuring accuracy and up to dateness of the data
	Conducting accountancy and invoice transactions
	Conducting audit activities
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
Identity Data Contact Data Customers’ Financial Transaction Data Economic and Financial Data Data on Risk Management and Financial Security Data on Request/Complaint and Reputation Management Location Data Digital Activity Data Reference Identifiers Audio and Visual Records Data on Family and Relatives Data on Education, Work and Professional Life Data on Transaction Security and Cyber Security of the Institution Card Payment Data Legal Transaction Data	Conducting the sales process of the Bank’s/Institution’s services	Data processing is required for the establishment and performance of the contract between you and TEB (Article 5.2 (c) of the Data Protection Law)
	Conducting customer services
	Conducting POS processes
	Conducting payment service processes
	Conducting ID verification processes
	Analysing suitability of business processes and their productivity
	Managing customer relations
	Managing customer complains
	Designing the Bank’s /Institution’s business processes
	Relationship management of support service providers, business partners or suppliers
	Follow-up agreement processes
	Ensuring accuracy and up to dateness of the data
	Designing operational activities
	Management of IT security
	Ensuring the accessibility of the Bank’s /Institution’s services
	Conducting litigation and legal follow-up processes
	Conducting accountancy and invoice transactions
Identity Data Contact Data Data on Family and Relatives Data on Education, Work and Professional Life Economic and Financial Data Customers’ Financial Transaction Data Data on Risk Management and Financial Security Audio and Visual Records Legal Transaction Data Data on Request/Complaint and Reputation Management Location Data Data on Physical Security Data on Transaction Security and Cyber Security of the Institution Reference Identifiers Digital Activity Data Card Payment Data	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)	Data processing is necessary for compliance with a legal obligation to which the data controller is subject (Article 5.2 (ç) of the Data Protection Law)
	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities
	Conducting audit activities
	Determining the Bank’s /Institution’s strategies
	Designing operational activities
	Risk management of compliance processes
	Informing authorised public and private institutions as per the applicable laws and regulations
	Conducting litigation and legal follow-up processes
	Managing customer complaints
	Managing the Bank’s/Institution’s operational risks
	Management of the Bank’s /Institution’s liquidity and liquidity risk
	Management of the Bank’s/ Institution’s interest rate and interest rate risk
	Analysing suitability of business processes and their productivity
	Conducting accountancy and invoice transactions
	Setting Up and Management of the IT and infrastructure
	Ensuring the security of physical data
	Relationship management of support service providers, business partners or suppliers
	Ensuring accuracy and up to dateness of the data
	Conducting payment service activities
	Managing customer complains
	Ensuring the accessibility of the Bank’s /Institution’s services
	Sustainability and Activities on Sustainability
Identity Data Contact Data Legal Transaction Data Economic and Financial Data Customers’ Financial Transaction Data Card Payment Data Audio and Visual Records Digital Activity Data Data on Transaction Security and Cyber Security of the Institution Data on Request/Complaint and Reputation Management	Conducting litigation and legal follow-up processes	Data processing is necessary for the establishment, exercise or protection of any right (Article 5.2 (e) of the Data Protection Law)
	Managing customer complaints
	Managing customer relations
Identity Data Contact Data Legal Transaction Data Economic and Financial Data Data on Facilities Physical Security Data on Education, Work and Professional Life Customers’ Financial Transaction Data Data on Risk Management and Financial Security Reference Identifiers Families and Relatives Audio and Visual Records Data on Transaction Security and Cyber Security of the Institution Digital Activity Data Legal Transaction Data Data on Request/Complaint and Reputation Management Location Data	Designing the strategy of the Bank/Institution	Data processing is necessary for the legitimate interests pursued by the data controller (Article 5.2 (f) of the Data Protection Law)
	Analysing the Bank’s/Institutions systems and their development
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Event management of the Bank for third parties outside the Institution
	Conducting audit activities
	Ensuring accuracy and up to dateness of the data
	Designing operational activities
	Managing activities aiming for customer satisfaction
	Management of the Bank’s/ Institution’s interest rate and interest rate risk
	Managing the Bank’s/Institution’s operational risks
	Sustainability and Activities on Sustainability
	Management of the Bank’s /Institution’s liquidity and liquidity risk
	Designing the Bank’s /Institution’s business processes
	Analysing suitability of business processes and their productivity
Identity Data Contact Data Economic and Financial Data Customers’ Financial Transaction Data Digital Activity Data Card Payment Data Data on Education, Work and Professional Life Data on Risk Management and Financial Security Families and Relatives Location Data Audio and Visual Records Marketing Data	Conducting cross sale activities for products and services provided	Explicit consent of the data subject (Article 5.1 of the Data Protection Law)
	Determining products and services personalized for you
	Conducting advertising, campaign and promotion activities in all mediums including digital channels and communicate with you within this respect
	Conducting data analyse, modelling and scoring activities for marketing purposes
	Establishing and increasing customer loyalty to product and services
	Communicate with you in order to conduct a satisfaction and marketing survey on the products and services for marketing purposes
Data on Criminal Convictions and Security Measures	Risk Management on compliance processes	Processing of Sensitive Data is stipulated under the relevant law (Article 6.3 of the Data Protection Law)
	Conducting litigation and legal follow-up processes
	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Conducting audit activities

5. Transferring Your Personal Data to Third Parties and Purpose of Transfer

Your personal data processed by TEB and categories in the list above might be transferred to the below mentioned recipients for the mentioned purposes and for the legal reasons stipulated under Article 8 and 9 of the Data Protection Law.

Recipient	Purpose of Transfer
Public and Private Institutions authorised to receive information/documents and legal institutions (Banking Regulation and Supervision Agency, Capital Market Board, Central Bank of Turkey, Turkish Revenue Administration, Financial Crimes Investigation Board, Interbank Card Centre, Risk Centre of the Banks Association of Turkey, Courts, prosecution offices etc.)	Informing the authorised public and private institutions as per the applicable laws and regulations Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Ensuring the legal and physical security of the Bank Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities
Institutions providing external service or support service (any advisor, institution or party from whom TEB provides supplementary services or is collaboration for archive services, card/statement printing services, call centre, IT services, Bank’s operational services, collection management, audit, rating services etc.)	Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities Ensuring the legal and physical security of the bank Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Conducting marketing and cross sale activities
Business Partners (Institutions with whom a cooperation relation has been established for providing financial product and services) and TEB Group*	Conduct the required activities for the Bank’s commercial activities Improve the Bank’s reputation and business relations and determine the Bank’s strategies Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conducting marketing and cross sale activities
Local and Foreign Banks and Financial Institutions, Contracted Merchants, Payment Service Providers, Other Financial Institutions which are members of a payment program, Institutions providing international card payment systems such as Mastercard Int. Inc. and Visa Inc. or local institutions providing card payment systems	Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities
Direct or Indirect Shareholders of TEB and BNP Paribas Group **	Disclosing information/documents to our main shareholder for the purposes of preparing a consolidated financial statement, risk management, internal audit and credit assessment to the extent permitted as per the applicable banking regulations Improve the Bank’s reputation and business relations and determine the Bank’s strategies
* ‘TEB Group’ Means a group of companies including TEB Holding A.Ş. and our bank and composed of affiliates. You may access to detailed information on such group of companies from https://www.teb.com.tr/about-teb/TEB-group
‘BNP Paribas Group**’ Means a group of companies composed of BNP Paribas S.A. and its affiliates

6. Your Rights with Respect to Your Personal Data

You might exercise your below mentioned rights with respect to your personal data by contacting TEB as per article 11 of the Data Protection Law.

To learn whether your personal data has been processed or not,
If personal data has been processed, to request information on such personal data,
To learn the purpose of processing your personal data and whether such personal data is used for intended purposes,
To learn the third parties to whom your personal data is transferred in Turkey or abroad,
To request the rectification of your incomplete or inaccurate data, if any and notify such rectification to third parties to which such personal data had been transferred,
To request the erasure, destruction or anonymisation or your personal data if the legal reason for its processing no longer exits and request the notification of such erasure, destruction or anonymisation to third parties to which the relevant personal data had been transferred,
To object to the processing of your personal data by automatic systems if such analyse leads to an unfavourable result for the data subject,
To request compensation for your damage arising from the unlawful processing of your personal data.

You might exercise your above-mentioned rights by filling out the application form published underhttps://www.teb.com.tr/pdp or available in our Bank’s branches and deliver it to the Bank through any mean listed in below.

You might fill in the form and;

Deliver it in written form to our branches,
Send it to our Bank’s address via return receipt registered mail or through notary public
To kvkkbasvuru@teb.com.tr e-mail address via your e-mail previously notified to our Bank or by signing the relevant form with secure electronic signature.
With Registered Electronic Mail (KEP) from your Registered Electronic Mail account to turkekonomibankasi@hs03.kep.tr address.

Also, you might transmit your request through any other method stipulated under the Communiqué on the Procedure and Principles on the Application to the Data Controller.

Our Bank would respond to your request free of charge as soon as possible following the receipt thereof and within thirty days at the latest. In principle, your application is processed free of charge. However, if the response requires any cost, fees might be charged in accordance with the tariff set by the Personal Data Protection Board.

During the preparation of a response to your query, our Bank might request from you any additional document and information for the verification of your identity and clarify your request. If case, you would not share the relevant information and documents your application our Bank reserves the right not to respond to your query due to ensuring the security of your data.

Güncelleme tarihi: 26 Ekim 2023

Data Protection Notice On Processing Customers Personal Data For Credit Processes

DATA PROTECTION NOTICE ON PROCESSING CUSTOMERS PERSONAL DATA FOR CREDIT PROCESSES

1. Purpose and Scope

We, Türk Ekonomi Bankası A.Ş. (“TEB”), are acting as data controller for data processing activities subject to this Data Protection Notice on Processing Customers Personal Data for Credit Processes (“Data Protection Notice”) as per the Law on Personal Data Protection numbered 6698 and the relevant regulations (“Data Protection Regulation”). As having responsibilities as a bank, we do exercise outmost care and diligence for the lawful processing of your personal data in line with the principles of the Data Protection Regulation and other regulations and to preserve its confidentiality and security.

You may find relevant information from the below table regarding our bank processing your personal data.

Trade Name:	Türk Ekonomi Bankası A.Ş.
Address:	TEB Kampüs C ve D Blok Saray Mah. Sokullu Cad. No: 7A-7B Ümraniye/İSTANBUL
Mersis Number:	0876004342000105
Trade Registry Number:	189356
Communication channels:	Communication Channels under https://www.teb.com.tr/contact-us/

You might access the data protection notice on the main activities of our bank from https://www.teb.com.tr/pdp

2. Categories of Processed Personal Data

Personal data categories processed by TEB as data controller and examples of the personal data belonging to these categories are listed in the below table:

Categories of Processed Personal Data	Examples of Personal Data
Identity Data	Name surname, names of the mother-father, date of birth, birthplace, data in the identity documents, ID number/passport number/tax number
Contact Data	Home/work address, address number, e-mail, telephone number
Data on Family and Relatives	Civil status, information on Data on Family and Relatives such as number of children
Data on Education, Work and Professional Life	Profession, work experience, current work, education
Economic and Financial Data	Information on income and assets, credit records, information on tax payments, data on financial products and services
Customers’ Financial Transaction Data	Transaction and details relating to financial products and services, credit card usage information, bank card usage information, credit/deposit/FX account transactions, information on check/bonds, bank receipt information, payment instructions
Card Payment Data	Credit card/bank card number, expiry date, security code
Digital Activity Data	Data collected by the usage of cookies and similar track methods such as IP address, information on the device
Data on Transaction Security and Cyber Security of the Institution	Username, password, audit trail record, log records, alerts on the prevention of fraud, other data on the security of the bank’s cyber space
Data on Risk Management and Financial Security	Know your customer, information that might be used for the prevention of terrorism, prevention of fraud and risk management (work/field of activity, source of income, credit risk score, credit and risk information)
Audio and Visual Records	Call Centre/telephone records, video chat records, photo and video records
Reference Identifiers	Reference information allowing the Bank/Institution to identify the customer (customer number, product application number, transaction number, agreement number)
Data on Request/Complaint and Reputation Management	Request and complaints made through various channels, responses of the Bank to the requests and complaints, information used by the bank for reputation management
Legal Transaction Data	Information on Litigation, legal follow-up and mediation cases, demands submitted from legal authorities and Responses of the Bank/Institution to such requests.
Data on Facilities’ Physical Security	Entry- exit information of the visitors, camera records
Location Data	Location data of the data subject
Marketing Data	Financial product and service usage habits, previous shopping and financial transaction information, areas of interest and preferences that might be relevant for financial product and service offers, survey results conducted for marketing purposes, information on campaign participation and preferences
Processed Special Category of Personal Data	Examples of Special Category of Personal Data
Data on Criminal Convictions and Security Measures	Information on criminal record and conviction, protection measures

The special category of personal data declared to be processed as per the above table is subject to a strict protection regime due to its sensitive nature and classified as special category of personal data. As TEB we make our best effort not to process your special categories of personal data during the data processing unless it is required and necessary. In this regard, only criminal convictions and security measures data which is one of the special categories of personal data might be processed in case you are involved in the relevant processes. The management of financial security process (money laundering of the crime revenues, terrorism financing, corruption, bribery, prevention of fraud) might be given as an example of the a activities where criminal convictions sentence and security measure data might be processed.

3. Personal Data Collection Methods

Your personal data might be collected directly from you, or third parties as explained in below with automatic or non-automatic methods.

(i) Methods of Collecting the Personal Data Directly From You

Information or documents containing your personal data might be collected through oral or written conversations made face to face with the TEB head quarter, branch, direct and active sale teams or through electronic communication tools (telephone/call centre, SMS, fax, e-mail, video call etc.) or with non-automatic methods using post, cargo, or courier services.
Information or documents containing your personal data might be collected automatically from mobile banking channels, website of our bank, ATMs, kiosk, turbo devices, self-service units with assistance support, call centre and branch IVR system, SMA, CCTV.

(ii) Methods of Collecting the Personal Data From Third Parties

Information or documents containing your personal data might be collected by non-automatic means using physical or electronic channels from business partner distributors or sale offices, e-commerce websites, association, institution or private persons such as chamber of commerce, chamber of artisans, trade associations, judicial authorities and public and private institutions authorised by law such as Banking Regulation and Supervision Agency, representatives such as power of attorneys, guardian, custodians to the extent permitted by law and the executed agreements.
Information or documents containing your personal data might be automatically collected from the authorised public and private institutions database (Identity Sharing System, Address Sharing System, Central Population Administration System, Central Registration System, Land Registry and Cadastre Information System, Risk Centre of the Bank’s Association of Turkey, Trade Registry Offices, Turkish Revenue Administration, Interbank Card Centre, Ministry of Treasury and Finance, General Directorate of Highways and person and institutions issuing invoices, to whom you have contact for your payments and collections etc.) provided that there is a system integration and to the extent permitted by law and the executed agreements.

4. Purposes of Processing Personal Data and Legal Reasons

Your personal data processed by TEB and categorised in the list above might be processed for the purposes and legal reasons stated in the below table.

Categories of Processed Personal Data	Purpose of Process	Legal Reason
Identity Data Contact Data Data on Family and Relatives Data on Education, Work and Professional Life Data on Financial Products, Assets and Financial Condition Data on Customers Financial Transactions Data on Request/Complaint and Reputation Management Data on Risk Management and Financial Security Legal Transaction Data	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities	Data processing is expressly provided for by the law (Article 5.2 (a) of the Data Protection Law)
	Informing authorised public and private institutions as per the applicable laws and regulations
	Risk management of credit processes
	Relationship management of support service providers, business partners or suppliers
	Ensuring accuracy and up to dateness of the data
	Conducting accountancy and invoice transactions
	Conducting audit activities
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
Identity Data Contact Data Data on Family and Relatives Data on Education, Work and Professional Life Data on Financial Products, Assets and Financial Condition Data on Customers Financial Transactions Card System Payment Information Data on Risk Management and Financial Security Legal Transaction Data Data on Request/Complaint and Reputation Management Digital Activity Data Reference Identifiers Data on Transaction Security and Cyber Security of the Institution Location Data	Ensuring that the customers benefit from Bank’s/Institutions services	Data processing is required for the establishment and performance of the contract between you and TEB (Article 5.2 (c) of the Data Protection Law)
	Conducting the Bank’s/Institution’s sale processes
	Managing customer services
	Designing and maintaining credit disbursement processes
	Managing credit payment and collection processes
	Conducting POS processes
	Conducting accountancy and invoice transactions
	Managing customer complains
	Managing customer relations
	Relationship management of support service providers, business partners or suppliers
	Designing operational activities
	Designing the Bank’s /Institution’s business processes
	Conducting litigation and legal follow-up processes
	Analysing suitability of business processes and their productivity
	Ensuring accuracy and up to dateness of the data
Identity Data Contact Data Data on Family and Relatives Data on Education, Work and Professional Life Data on Financial Products, Assets and Financial Condition Data on Risk Management and Financial Security Data on Customers Financial Transactions Data on Request/Complaint and Reputation Management Location Data Legal Transaction Data Audio and Visual Records Data on Transaction Security and Cyber Security of the Institution Reference Identifiers Digital Activity Data Card System Payment Information	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities	Data processing is necessary for compliance with a legal obligation to which the data controller is subject (Article 5.2 (ç) of the Data Protection Law)
	Informing authorised public and private institutions as per the applicable laws and regulations
	Risk management of credit processes
	Conducting audit activities
	Managing operational risks of the Bank/Institution
	Management of the Bank’s /Institution’s liquidity and liquidity risk
	Management of the Bank’s/ Institution’s interest rate and interest rate risk
	Conducting accountancy and invoice transactions
	Conducting litigation and legal follow-up processes
	Risk management of compliance processes
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Designing operational activities
	Determining the Bank’s /Institution’s strategies
	Managing customer relations
	Managing customer complaints
	Conducting POS processes
	Ensuring accuracy and up to dateness of the data
Identity Data Contact Data Data on Financial Products, Assets and Financial Condition Data on Education, Work and Professional Life Data on Family and Relatives Data on Customers Financial Transactions Card System Payment Information Legal Transaction Data Data on Transaction Security and Cyber Security of the Institution Digital Activity Data Audio and Visual Records Data on Request/Complaint and Reputation Management	Conducting litigation and legal follow-up processes	Data processing is necessary for the establishment, exercise or protection of any right (Article 5.2 (e) of the Data Protection Law)
	Managing credit payment and collection processes
	Managing customer relations
	Managing customer complaints
Identity Data Contact Data Data on Financial Products, Assets and Financial Condition Data on Customers Financial Transactions Data on Family and Relatives Data on Education, Work and Professional Life Data on Transaction Security and Cyber Security of the Institution Data on Risk Management and Financial Security Reference Identifiers Digital Activity Data Card System Payment Information Data on Request/Complaint and Reputation Management Data on Facilities’ Physical Security Legal Transaction Data	Designing the strategy of the Bank/Institution	Data processing is necessary for the legitimate interests pursued by the data controller (Article 5.2 (f) of the Data Protection Law)
	Ensuring accuracy and up to dateness of the data
	Conducting market research activities
	Analysing and improvement of the Bank’s/Institution’s systems.
	Conducting audit activities
	Sustainability and activities on sustainability
	Analysing suitability of business processes and their productivity
	Managing activities aiming for customer satisfaction
	Designing the Bank’s /Institution’s business processes
	Management of the Bank’s /Institution’s liquidity and liquidity risk
	Management of the Bank’s/ Institution’s interest rate and interest rate risk
	Managing the Bank’s/Institution’s operational risks
	Risk management of compliance processes
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
Identity Data Contact Data Data on Financial Products, Assets and Financial Condition Data on Family and Relatives Data on Education, Work and Professional Life Data on Customers Financial Transactions Data on Risk Management and Financial Security Location Data Digital Activity Data Card System Payment Information Audio and Visual Records Marketing Data	Conducting cross sale activities for products and services provided	Explicit consent of the data subject (Article 5.1 of the Data Protection Law)
	Determining products and services personalized for you
	Conducting advertising, campaign and promotion activities in all mediums including digital channels and communicate with you within this respect
	Conducting data analyse, modelling and scoring activities for marketing purposes
	Establishing and increasing customer loyalty to product and services
	Communicate with you in order to conduct a satisfaction and marketing survey on the products and services for marketing purposes
Data on Criminal Convictions and Security Measures	Risk management on compliance processes	Processing of sensitive data is stipulated under the relevant law (Article 6.3 of the Data Protection Law)
	Conducting litigation and legal follow-up processes
	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Conducting audit activities

5. Transferring Your Personal Data to Third Parties and Purpose of Transfer

Your personal data processed by TEB and categories in the list above might be transferred to the below mentioned recipients within the scope of the data processing for credit products and services for the legal reasons stipulated under Article 8 and 9 of the Data Protection Law

Recipient	Purpose of Transfer
Public and Private Institutions authorised to receive information/documents and legal institutions (Banking Regulation and Supervision Agency, Capital Market Board, Central Bank of Turkey, Turkish Revenue Administration, Financial Crimes Investigation Board, Interbank Card Centre, Risk Centre of the Banks Association of Turkey, Courts, prosecution offices etc.)	Informing the authorised public and private institutions as per the applicable laws and regulations Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Ensuring the legal and physical security of the bank Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities
Institutions providing external service or support service (any advisor, institution or party from whom TEB provides supplementary services or is collaboration for archive services, card/statement printing services, call centre, IT services, Bank’s operational services, collection management, audit, rating services or is in collaboration)	Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities Ensuring the legal and physical security of the bank Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Conducting marketing and cross sale activities
Business Partners (Institutions with whom a cooperation relation has been established for providing financial product and services) and TEB Group*	Conduct the required activities for the Bank’s commercial activities Improve the Bank’s reputation and business relations and determine the Bank’s strategies Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conducting marketing and cross sale activities
Local and Foreign Banks and Financial Institutions, Contracted Merchants, Payment Service Providers, Other Financial Institutions which are members of a payment program, Institutions providing international card payment systems such as Mastercard Int. Inc. and Visa Inc. or local institutions providing card payment systems	Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities
Asset Management Companies or other companies to whom our receivables has been transferred (companies and institutions assessing and acquiring the receivables)	Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities Ensuring the legal and physical security of the bank
Direct or Indirect Shareholders of TEB and BNP Paribas Group **	Disclosing information/documents to our main shareholder for the purposes of preparing a consolidated financial statement, risk management, internal audit and credit assessment to the extent permitted as per the applicable banking regulations Improve the Bank’s reputation and business relations and determine the Bank’s strategies
* ‘TEB Group’ Means a group of companies including TEB Holding A.Ş. and our bank and composed of affiliates. You may access to detailed information on such group of companies from https://www.teb.com.tr/about-teb/TEB-group
** ‘BNP Paribas Group’ Means a group of companies composed of BNP Paribas S.A. and its affiliates

6. Your Rights with Respect to Your Personal Data

You might exercise your below mentioned rights with respect to your personal data by contacting TEB as per article 11 of the Data Protection Law.

To learn whether your personal data has been processed or not,
If personal data has been processed, to request information on such personal data,
To learn the purpose of processing your personal data and whether such personal data is used for intended purposes,
To learn the third parties to whom your personal data is transferred in Turkey or abroad,
To request the rectification of your incomplete or inaccurate data, if any and notify such rectification to third parties to which such personal data had been transferred,
To request the erasure, destruction or anonymisation or your personal data if the legal reason for its processing no longer exits and request the notification of such erasure, destruction or anonymisation to third parties to which the relevant personal data had been transferred,
To object to the processing of your personal data by automatic systems if such analyse leads to an unfavourable result for the data subject,
To request compensation for your damage arising from the unlawful processing of your personal data.

You might exercise your above-mentioned rights by filling out the application form published under https://www.teb.com.tr/pdp or available in our Bank’s branches and deliver it to the Bank through any mean listed in below.

You might fill in the form and;

Deliver it in written to our branches,
Send it to our Bank’s address via return receipt registered mail or through notary public
To kvkkbasvuru@teb.com.tr e-mail address via your e-mail previously notified to our Bank or by signing the relevant form with secure electronic signature.
With Registered Electronic Mail (KEP) from your Registered Electronic Mail account to turkekonomibankasi@hs03.kep.tr address.

Also, you might transmit your request through any other method stipulated under the Communiqué on the Procedure and Principles on the Application to the Data Controller.

Güncelleme tarihi: 26 Ekim 2023

Data Protection Notice On Processing Of Customer Personal Data For Invesment Activities

DATA PROTECTION NOTICE ON PROCESSING OF CUSTOMER PERSONAL DATA FOR INVESTMENT ACTIVITIES

1. Purpose and Scope

We, Türk Ekonomi Bankası A.Ş. (“TEB”), are acting as data controller for data processing activities subject to this Data Protection Notice on Processing of Customer Personal Data for Investment Activities (“Data Protection Notice”) as per the Law on Personal Data Protection numbered 6698 and the relevant regulations (“Data Protection Regulation”). As having responsibilities as a bank, we do exercise outmost care and diligence for the lawful processing of your personal data in line with the principles of the Data Protection Regulation and other regulations, to preserve its confidentiality and security.

You may find relevant information from the below table regarding our bank processing your personal data.

Trade Name:	Türk Ekonomi Bankası A.Ş.
Address:	TEB Kampüs C ve D Blok Saray Mah. Sokullu Cad. No: 7A-7B Ümraniye/İSTANBUL
Mersis Number:	0876004342000105
Trade Registry Number:	189356
Communication channels:	Communication Channels under https://www.teb.com.tr/contact-us/

You might access the data protection notice on the main activities of our bank from https://www.teb.com.tr/pdp

2. Categories of Processed Personal Data

Personal data categories processed by TEB as data controller and examples of the personal data belonging to these categories are listed in the below table.

Categories of Processed Personal Data	Examples of Personal Data
Identity Data	Name surname, names of the mother-father, date of birth, birthplace, data in the identity documents, ID number/passport number/tax number
Contact Data	Home/work address, address number, e-mail, telephone number
Data on Education, Work and Professional Life	Profession, work experience, current work, education
Economic and Financial Data	Information on income and assets, credit records, information on tax payments, data on financial products and services
Customers’ Financial Transaction Data	Transaction and details relating to financial products and services, credit card usage information, bank card usage information, credit/deposit/FX account transactions, information on check/bonds, bank receipt information, payment instructions
Digital Activity Data	Data collected by the usage of cookies and similar track methods such as IP address, information on the device
Data on Transaction Security and Cyber Security of the Institution	Username, password, audit trail record, log records, alerts on the prevention of fraud, other data on the security of the bank’s cyber space
Data on Risk Management and Financial Security	Know your customer, information that might be used for the prevention of terrorism, prevention of fraud and risk management (work/field of activity, source of income, credit risk score, credit and risk information)
Audio and Visual Records	Call Centre/telephone records, video chat records, photo and video records
Reference Identifiers	Reference information allowing the Bank/Institution to identify the customer (customer number, product application number, transaction number, agreement number)
Data on Request/Complaint and Reputation Management	Request and complaints made through various channels, responses of the Bank to the requests and complaints, information used by the bank for reputation management
Legal Transaction Data	Information on Litigation, legal follow-up and mediation cases, demands submitted from legal authorities and Responses of the Bank/Institution to such requests.
Data on Facilities’ Physical Security	Entry- exit information of the visitors, camera records
Location Data	Location Data of the data subject
Marketing Data	Financial product and service usage habits, previous shopping and financial transaction information, areas of interest and preferences that might be relevant for financial product and service offers, survey results conducted for marketing purposes, information on campaign participation and preferences
Processed Special Category of Personal Data	Examples of Special Category of Personal Data
Data on Criminal Convictions and Security Measures	Information on criminal record and conviction, protection measures

The special category of personal data declared to be processed as per the above table is subject to a strict protection regime due to its sensitive nature and classified as special category of personal data. As TEB we make our best effort not to process your special categories of personal data during the data processing unless it is required and necessary. In this regard, only criminal convictions and security measures data which is one of the special categories of personal data might be processed in case you are involved in the relevant processes. The management of financial security process (money laundering of the crime revenues, terrorism financing, corruption, bribery, prevention of fraud) might be given as an example of the a activities where criminal convictions sentence and security measure data might be processed.

3. Personal Data Collection Methods

Your personal data might be collected directly from you, or third parties as explained in below with automatic or non-automatic methods.

(i) Methods of Collecting the Personal Data Directly From You

Information or documents containing your personal data might be collected through oral or written conversations made face to face with the TEB head quarter, branch, direct and active sale teams or through electronic communication tools (telephone/call centre, SMS, fax, e-mail, video call etc.) or with non-automatic methods using post, cargo, or courier services.
Information or documents containing your personal data might be collected automatically from mobile banking channels, website of our bank, ATMs, kiosk, turbo devices, self-service units with assistance support, call centre and branch IVR system, SMA, CCTV.

(ii) Methods of Collecting the Personal Data From Third Parties

Information or documents containing your personal data might be collected physically or by electronic means using non-automatic means from external sources or support service providers, business partners, legal authorities, and public institutions authorised by law such as Capital Market Board, Merkezi Kayıt Kuruluşu A.Ş., Banking Regulation and Supervision Agency, Turkish Revenue Administration, representatives such as power of attorneys, guardians, custodian and from institutions on behalf of whom orders are transmitted and from portfolio management companies and investment funds within the scope of custody services to the extent permitted by law and the executed agreements,
Information or documents containing your personal data might be automatically collected from institutions on behalf of whom orders are transmitted and from portfolio management companies and investment funds within the scope of custody services by using the authorised public and private institutions database (Identity Sharing System, Address Sharing System, Central Population Administration System, Central Registration System, Merkezi Kayıt Kuruluşu A.Ş. and Ministry of Treasury and Finance) provided that there is a system integration and to the extent permitted by law and the executed agreements.

4. Purposes of Processing Personal Data and Legal Reasons

Your personal data processed by TEB and categorised in the list above might be processed for the purposes and legal reasons stated in the below table.

Categories of Processed Personal Data	Purpose of Process	Legal Reason
Identity Data Contact Data Economic and Financial Data Customers’ Financial Transaction Data Audio and Visual Records Legal Transaction Data Data on Request/Complaint and Reputation Management Data on Education, Work and Professional Life Data on Risk Management and Financial Security	Informing authorised public and private institutions as per the applicable laws and regulations	Data Processing is expressly provided for by the law (Article 5.2 (a) of the Data Protection Law)
	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities
	Conducting accountancy and invoice transactions
	Conducting audit activities
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
Identity Data Contact Data Economic and Financial Data Customers’ Financial Transaction Data Audio and Visual Records Data on Request/Complaint and Reputation Management Digital Activity Data Reference Identifiers Data on Transaction Security and Cyber Security of the Institution Data on Risk Management and Financial Security Legal Transaction Data	Conducting the required processes to provide investment product and services	Data processing is required for the establishment and performance of the contract between you and TEB (Article 5.2 (c) of the Data Protection Law)
	Designing and conducting operational activities for the product and services provided as per our activity licenses on transmission of orders, general custody services, intermediation of transactions, intermediation of portfolio services, limited custody services
	Conducting the sales process of investment products and services
	Designing the Bank’s /Institution’s business processes
	Managing customer relations
	Managing customer complains
	Verification of customer identification
	Ensuring accuracy and up to dateness of the data
	Follow-up agreement processes
	Ensuring the accessibility of the Bank’s /Institution’s services
	Conducting litigation and legal follow-up processes
	Conducting accountancy and invoice transactions
	IT Management
	Relationship management of support service providers, business partners or suppliers
Identity Data Contact Data Data on Education, Work and Professional Life Economic and Financial Data Legal Transaction Data Customers’ Financial Transaction Data Data on Request/Complaint and Reputation Management Reference Identifiers Data on Facilities’ Physical Security Data on Transaction Security and Cyber Security of the Institution Digital Activity Data Audio and Visual Records Data on Risk Management and Financial Security	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)	Data processing is necessary for compliance with a legal obligation to which the data controller is subject (Article 5.2 (ç) of the Data Protection Law)
	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities
	Informing authorised public and private institutions as per the applicable laws and regulations
	Risk management of compliance processes
	Conducting audit activities
	Managing customer complains
	Conducting litigation and legal follow-up processes
	Management of the Bank’s/Institution’s operational risks
	Designing operational activities
	Verification of customer identification
	Ensuring the accessibility of the Bank’s /Institution’s services
	Ensuring accuracy and up to dateness of the data
	Conducting accountancy and invoice transactions
Identity Data Contact Data Legal Transaction Data Economic and Financial Data Customers’ Financial Transaction Data Data on Education, Work and Professional Life Audio and Visual Records Data on Request/Complaint and Reputation Management	Conducting litigation and legal follow-up processes	Data processing is necessary for the establishment, exercise or protection of any right (Article 5.2 (e) of the Data Protection Law)
	Managing customer complains
	Managing customer relations
Identity Data Contact Data Economic and Financial Data Customers’ Financial Transaction Data Data on Education, Work and Professional Life Data on Facilities’ Physical Security Data on Risk Management and Financial Security Reference Identifiers Data on Transaction Security and Cyber Security of the Institution Digital Activity Data Audio and Visual Records Legal Transaction Data Data on Request/Complaint and	Designing the strategy of the Bank/Institution	Data processing is necessary for the legitimate interests pursued by the data controller (Article 5.2 (f) of the Data Protection Law)
	Analysing the Bank’s/Institutions systems and their development
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Conducting audit activities
	Ensuring accuracy and up to dateness of the data
	Designing operational activities
	Managing activities aiming for customer satisfaction
	Sustainability and activities on sustainability
	Management of the Bank’s/ Institution’s interest rate and interest rate risk
	Management of the Bank’s/Institution’s operational risks
	Relationship management of support service providers, business partners or suppliers
Identity Data Contact Data Economic and Financial Data Customers’ Financial Transaction Data Data on Risk Management and Financial Security Digital Activity Data Data on Education, Work and Professional Life Location Data Audio and Visual Records Marketing Data	Conducting cross sale activities for products and services provided	Explicit consent of the data subject (Article 5.1 of the Data Protection Law)
	Determining products and services personalized for you
	Conducting advertising, campaign and promotion activities in all mediums including digital channels and communicate with you within this respect
	Conducting data analyse, modelling and scoring activities for marketing purposes
	Establishing and increasing customer loyalty to product and services
	Communicate with you in order to conduct a satisfaction and marketing survey on the products and services for marketing purposes
Data on Criminal Convictions and Security Measures	Risk Management on compliance processes	Processing of sensitive data is stipulated under the relevant law (Article 6.3 of the Data Protection Law)
	Conducting litigation and legal follow-up processes
	Setting up the required actions to conduct lawfully the Bank’s/Institutions activities
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Conducting audit activities

5. Transferring Your Personal Data to Third Parties and Purpose of Transfer

Recipient	Purpose of Transfer
Public and Private Institutions authorised to receive information/documents and legal institutions (Banking Regulation and Supervision Agency, Capital Market Board, Merkezi Kayıt Kuruluşu A.Ş., İstanbul Takas ve Saklama Bankası A.Ş., Central Bank of Turkey, Turkish Revenue Administration, Financial Crimes Investigation Board Investor Compensation Centre, Courts, prosecution offices etc.)	Informing the authorised public and private institutions as per the applicable laws and regulations Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Ensuring the legal and physical security of the bank Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities
Institutions providing external service or support service (any advisor, institution or party from whom TEB provides supplementary services or is collaboration for archive services, bank statement printing services, call centre, IT services, Bank’s operational services, audit, or is in collaboration)	Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities Ensuring the legal and physical security of the bank Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Conducting marketing and cross sale activities
TEB Institutions on behalf of whom orders are transmitted, for custody services portfolio management companies and investment funds including the companies within TEB Group*; Local and International Banks and Settlement and Custody Institutions	Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities
Business Partners (Institutions with whom a cooperation relation has been established for the provision of investment products and services) and TEB Group*	Ensuring the customers benefit from the Bank’s services Required in order to execute the transaction or fulfil the agreement Conduct the required activities for the Bank’s commercial activities Improve the Bank’s reputation and business relations and determine the Bank’s strategies Conducting marketing and cross sale activities
Direct or Indirect Shareholders of TEB and BNP Paribas Group **	Disclosing information/documents to our main shareholder for the purposes of preparing a consolidated financial statement, risk management, internal audit and credit assessment to the extent permitted as per the applicable banking regulations Improve the Bank’s reputation and business relations and determine the Bank’s strategies
* ‘TEB Group’ Means a group of companies including TEB Holding A.Ş. and our bank and composed of affiliates. You may access to detailed information on such group of companies from https://www.teb.com.tr/about-teb/TEB-group
‘BNP Paribas Group**’ Means a group of companies composed of BNP Paribas S.A. and its affiliates

6. Your Rights with respect to Your Personal Data

You might exercise your below mentioned rights with respect to your personal data by contacting TEB as per article 11 of the Data Protection Law.

To learn whether your personal data has been processed or not,
If personal data has been processed, to request information on such personal data,
To learn the purpose of processing your personal data and whether such personal data is used for intended purposes,
To learn the third parties to whom your personal data is transferred in Turkey or abroad,
To request the rectification of your incomplete or inaccurate data, if any and notify such rectification to third parties to which such personal data had been transferred,
To request the erasure, destruction or anonymisation or your personal data if the legal reason for its processing no longer exits and request the notification of such erasure, destruction or anonymisation to third parties to which the relevant personal data had been transferred,
To object to the processing of your personal data by automatic systems if such analyse leads to an unfavourable result for the data subject,
To request compensation for your damage arising from the unlawful processing of your personal data.

You might exercise your above-mentioned rights by filling out the application form published under https://www.teb.com.tr/pdp or available in our Bank’s branches and deliver it to the Bank through any mean listed in below.

You might fill in the form and;

Deliver it in written to our branches,
Send it to our Bank’s address via return receipt registered mail or through notary public
To kvkkbasvuru@teb.com.tr e-mail address via your e-mail previously notified to our Bank or by signing the relevant form with secure electronic signature.
With Registered Electronic Mail (KEP) from your Registered Electronic Mail account to turkekonomibankasi@hs03.kep.tr address.

Also, you might transmit your request through any other method stipulated under the Communiqué on the Procedure and Principles on the Application to the Data Controller.

Güncelleme tarihi: 26 Ekim 2023

Data Protection Notice On Processing Of Customer Personal Data For Insurance Activities

DATA PROTECTION NOTICE ON PROCESSING OF CUSTOMER PERSONAL DATA FOR INSURANCE ACTIVITIES

1. Purpose and Scope

For insurance and individual pension product and services insurance activities such as issuance of insurance policies, risk and premium calculation, payment of indemnities whose purpose and mean of processing personal data is being directly determined by the insurance companies, the data controller is the insurance company. Türk Ekonomi Bankası A.Ş. (“TEB”) as acting an agency is acting as a data processor for the relevant activities. Any information on the data processing of the activities for which TEB is acting as a data processor is not included in this Data Protection Notice on Processing of Customer Personal Data for Insurance Activities (“Data Protection Notice”). Any information regarding the activities for which TEB is acting as a data processor might be accessed from the data protection notices of the relevant insurance companies. Within this respect under this Data Protection Notice only information on the insurance and individual pension products or services for which TEB is acting as data controller as per the Law on Personal Data Protection numbered 6698 and the relevant regulations (“Data Protection Regulation”) is provided.

As having responsibilities as a bank, we do exercise outmost care and diligence for the lawful processing of your personal data in line with the principles of the Data Protection Regulation and other regulations, to preserve its confidentiality and security.

You may find relevant information from the below table regarding our bank processing your personal data.

Trade Name:	Türk Ekonomi Bankası A.Ş.
Address:	TEB Kampüs C ve D Blok Saray Mah. Sokullu Cad. No: 7A-7B Ümraniye/İSTANBUL
Mersis Number:	0876004342000105
Trade Registry Number:	189356
Communication channels:	Communication Channels under https://www.teb.com.tr/contact-us/

You might access the data protection notice on the main activities of our bank from https://www.teb.com.tr/pdp

2. Categories of Processed Personal Data

Personal data categories processed by TEB as data controller and examples of the personal data belonging to these categories are listed in the below table.

Categories of Processed Personal Data	Examples of Personal Data
Identity Data	Name surname, names of the mother-father, date of birth, birthplace, data in the identity documents, ID number/passport number/tax number
Contact Data	Home/work address, address number, e-mail, telephone number
Data on Family and Relatives	Civil status, information on Data on Family and Relatives such as number of children
Data on Education, Work and Professional Life	Profession, work experience, current work, education
Economic and Financial Data	Information on income and assets, credit records, information on tax payments, data on financial products and services
Customers’ Financial Transaction Data	Transactions and details relating to financial products and services, credit card usage information, bank card usage information, credit/deposit/FX account transactions, information on check/ bonds, bank receipt information, payment instructions
Digital Activity Data	Data collected by the usage of cookies and similar track methods such as IP address, information on the device
Data on Transaction Security and Cyber Security of the Institution	Username, password, audit trail record, log records, alerts on the prevention of fraud, other data on the security of the bank’s cyber space
Data on Risk Management and Financial Security	Know your customer, information that might be used for the prevention of terrorism, prevention of fraud and risk management (work/field of activity, source of income, credit risk score, credit and risk information)
Audio and Visual Records	Call Centre/telephone records, video chat records, photo and video records
References Identifying the Person	Reference information allowing the Bank/Institution to identify the customer (customer number, product application number, transaction number, agreement number)
Data on Request/Complaint and Reputation Management	Request and complaints made through various channels, responses of the Bank to the requests and complaints, information used by the bank for reputation management
Legal Transaction Data	Information on Litigation, legal follow-up and mediation cases, demands submitted from legal authorities and Responses of the Bank/Institution to such requests.
Data on Facilities’ Physical Security	Entry- exit information of the visitors, camera records
Location Data	Location Data of the data subject
Marketing Data	Financial product and service usage habits, previous shopping and financial transaction information, areas of interest and preferences that might be relevant for financial product and service offers, survey results conducted for marketing purposes, information on campaign participation and preferences

Certain personal data is classified as special categories of personal data due to its sensitive nature. As TEB, we make our best effort not to process your special categories of personal data during data processing for insurance and individual pension product and services unless it is required and necessary and take all technical and administrative measures for the relevant special category of personal data in case we do process such personal data. Your health data which is a special category of personal data is only being processed by TEB as data processor for processes in which TEB is acting as an agency for life and health insurance in order to obtain the health statement for the issuance of the insurance policy and invalidity statement for individual pension products. As being previously explained under the Purpose and Scope section of this Data Protection Notice, no information is being provided on processing activities conducted as data processor under this Data Protection Notice.

3. Personal Data Collection Methods

Your personal data might be collected directly from you, or third parties as explained in below with automatic or non-automatic methods.

(i) Methods of Collecting the Personal Data Directly From You

Information or documents containing your personal data might be collected through oral or written conversations made face to face with the TEB head quarter, branch, direct and active sale teams or through electronic communication tools (telephone/call centre, SMS, fax, e-mail, video call etc.) or with non-automatic methods using post, cargo, or courier services.
Information or documents containing your personal data might be collected automatically from mobile banking channels, website of our bank, ATMs, kiosk, turbo devices, self-service units with assistance support, call centre and branch IVR system, SMA, CCTV.

(ii) Methods of Collecting the Personal Data From Third Parties

Information or documents containing your personal data might be collected by non-automatic means using physical or electronic channels from external sources or institutions providing support services, insurance companies for which agency services are provided, business partner distributors or sale offices, association, institution or private persons such as chamber of commerce, chamber of artisans, trade associations, judicial authorities and public and private institutions authorised by law such as Banking Regulation and Supervision Agency, Insurance and Private Pension Regulation and Supervision Agency and representatives such as power of attorneys, guardian, custodians to the extent permitted by law and the executed agreements.
Information or documents containing your personal data might be automatically collected from the authorised public and private institutions database (Identity Sharing System, Address Sharing System, Central Population Administration System, Central Registration System, Insurance Information and Supervision Centre etc.) provided that there is a system integration and to the extent permitted by law and the executed agreements.

4. Purposes of Processing Personal Data and Legal Reasons

Your personal data processed by TEB and categorised in the list above might be processed for the purposes and legal reasons stated in the below table.

Categories of Processed Personal Data	Purpose of Process	Legal Reason
Identity Data Contact Data Family and Relatives Data on Education, Work and Professional Life Economic and Financial Data Audio and Visual Records Legal Transaction Data Customers’ Financial Transaction Data Data on Risk Management and Financial Security Data on Request/Complaint and Reputation Management Data on Facilities’ Physical Security Data on Transaction Security and Cyber Security of the Institution	Informing authorised public and private institutions as per the applicable laws and regulations	Data Processing is explicitly provided for by the law (Article 5.2 (a) of the Data Protection Law)
	Ensuring the physical security of the Bank/Institution
	Setting up the required actions to conduct lawfully the Bank’s/Institution’s activities
	Ensuring accuracy and up to dateness of the data
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
Identity Data Contact Data Family and Relatives Data on Education, Work and Professional Life Economic and Financial Data Audio and Visual Records Legal Transaction Data Customers’ Financial Transaction Data Data on Risk Management and Financial Security Data on Request/Complaint and Reputation Management Data on Facilities’ Physical Security Data on Transaction Security and Cyber Security of the Institution	Setting up the required actions to conduct lawfully the Bank’s/Institution’s activities	Data processing is necessary for compliance with a legal obligation to which the data controller is subject (Article 5.2 (ç) of the Data Protection Law)
	Informing authorised public and private institutions as per the applicable laws and regulations
	Risk management of compliance processes
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Conducting audit activities
	Conducting accountancy and invoice transactions
	Management of customer complaints
Identity Data Contact Data Legal Transaction Data Economic and Financial Data Customers’ Financial Transaction Data Audio and Visual Records Digital Activity Data Data on Transaction Security and Cyber Security of the Institution Data on Request/Complaint and Reputation Management	Conducting litigation and legal follow-up processes	Data processing is necessary for the establishment, exercise or protection of any right (Article 5.2 (e) of the Data Protection Law)
	Management of customer complaints
	Management of customer relations
Identity Data Contact Data Family and Relatives Data on Education, Work and Professional Life Economic and Financial Data Audio and Visual Records Legal Transaction Data Customers’ Financial Transaction Data Data on Risk Management and Financial Security Data on Request/Complaint and Reputation Management Data on Facilities’ Physical Security Reference Values Identifying a Person	Conducting audit activities	Data processing is necessary for the legitimate interests pursued by the data controller (Article 5.2 (f) of the Data Protection Law)
	Analysing the Bank’s/Institutions systems and their productivity
	Analysing the Bank’s/Institutions systems and their development
	Designing the strategy of the Bank/Institution
	Managing activities aiming for customer satisfaction
	Management of customer relations
	Management of customer complaints
	Risk management of compliance processes
	Management of financial security processes (Know your customer, prevention of crime revenues, financing of terrorism and fraud and other illegal activities)
	Ensuring accuracy and up to dateness of the data
Identity Data Contact Data Economic and Financial Data Customers’ Financial Transaction Data Data on Risk Management and Financial Security Digital Activity Data Data on Education, Work and Professional Life Family and Relatives Location Data Audio and Visual Records Marketing Data	Conducting cross sale activities for products and services provided	Explicit consent of the data subject (Article 5.1 of the Data Protection Law)
	Determining products and services personalized for you
	Conducting advertising, campaign and promotion activities in all mediums including digital channels and communicate with you within this respect
	Conducting data analyse, modelling and scoring activities for marketing purposes
	Establishing and increasing customer loyalty to product and services
	Communicate with you in order to conduct a satisfaction and marketing survey on the products and services for marketing purposes

5. Transferring Your Personal Data to Third Parties and Purpose of Transfer

Recipient	Purpose of Transfer
Public and Private Institutions authorised to receive information/documents and legal institutions (Banking Regulation and Supervision Agency, Insurance and Private Pension Regulation and Supervision Agency, Insurance Information and Supervision Centre, Financial Crimes Investigation Board, Courts, prosecution offices etc.)	Informing the authorised public and private institutions as per the applicable laws and regulations Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Ensuring the legal and physical security of the Bank
Institutions providing external service or support service (any advisor, institution or party from whom TEB provides supplementary services or is collaboration for archive services, call centre, IT services, audit etc.)	Conduct the required activities for the Bank’s commercial activities Ensuring the legal and physical security of the Bank Setting up the required actions to conduct lawfully the Bank’s/Institutions activities Conducting marketing and cross sale activities

6. Your Rights with respect to Your Personal Data

You might exercise your below mentioned rights with respect to your personal data by contacting TEB as per article 11 of the Data Protection Law.

To learn whether your personal data has been processed or not,
If personal data has been processed, to request information on such personal data,
To learn the purpose of processing your personal data and whether such personal data is used for intended purposes,
To learn the third parties to whom your personal data is transferred in Turkey or abroad,
To request the rectification of your incomplete or inaccurate data, if any and notify such rectification to third parties to which such personal data had been transferred,
To request the erasure, destruction or anonymisation or your personal data if the legal reason for its processing no longer exits and request the notification of such erasure, destruction or anonymisation to third parties to which the relevant personal data had been transferred,
To object to the processing of your personal data by automatic systems if such analyse leads to an unfavourable result for the data subject,
To request compensation for your damage arising from the unlawful processing of your personal data.

You might exercise your above-mentioned rights by filling out the application form published under https://www.teb.com.tr/pdpor available in our Bank’s branches and deliver it to the Bank through any mean listed in below.

You might fill in the form and;

Deliver it in written to our branches,
Send it to our Bank’s address via return receipt registered mail or through notary public
To kvkkbasvuru@teb.com.tr e-mail address via your e-mail previously notified to our Bank or by signing the relevant form with secure electronic signature.
With Registered Electronic Mail (KEP) from your Registered Electronic Mail account to turkekonomibankasi@hs03.kep.tr address.

Also, you might transmit your request through any other method stipulated under the Communiqué on the Procedure and Principles on the Application to the Data Controller.

Güncelleme tarihi: 26 Ekim 2023

Print Add to Favorites

Rate page content

Please Wait...

Daily Banking

Loans

Cards

Deposit and Investment

Insurance and Pension

CEPTETEB

Choose Your Company Segment

Protection of Personal Data

DATA PROTECTION NOTICE ON PROCESSING OF PERSONAL DATA FOR CUSTOMER ACQUISITION AND ACCOUNT OPENING/USAGE

DATA PROTECTION NOTICE ON PROCESSING CUSTOMERS PERSONAL DATA FOR CREDIT PROCESSES

DATA PROTECTION NOTICE ON PROCESSING OF CUSTOMER PERSONAL DATA FOR INVESTMENT ACTIVITIES

DATA PROTECTION NOTICE ON PROCESSING OF CUSTOMER PERSONAL DATA FOR INSURANCE ACTIVITIES