As HSBC Bank A.Ş. (“HSBC” or “Bank”), the security of your information is one of our most important priorities. In this respect, we would like to inform you about personal data processed by our Bank in accordance with the Law On the Protection of Personal Data No. 6698 (“Law” made in order to protect the fundamental rights and freedoms of persons, as well as to protect personal data.
IDENTITY OF DATA CONTROLLER
Under the law, HSBC Bank A.Ş. acts as a “Data Controller”. You can contact us using the contact details provided below:
Address: Esentepe Mah. Büyükdere Cad. No: 128 34394 Şişli / Istanbul
MERSİS No.: 0621002428200197
Registration No: İstanbul Trade Registry Directorate - 268376
Web site: www.hsbc.com.tr/
PURPOSES OF PERSONAL DATA PROCESSING
Within the framework of your relationship with our bank, your personal data is processed for the following purposes.
The following objectives may vary depending on your relationship with our Bank, the products and services that you are procuring or your permission to process your personal data. Depending on your relationship with our bank, in addition to the following objectives, you can also review the processing objectives in the sub-headings.
2.1. Related or Connected Real Person Parties, Representatives, Shareholders and Employees of Legal Person Customers
Your personal data, shared with us or disclosed in any public media by the legal entity to which you are an related and/or connected party and which is our customer through the business processes and transactions performed with our Bank, shall be collected. We may process such information within the scope of our Bank’s risk management activities by drawing up and executing agreements with the relevant legal entity.
2.2. Branch Visitors and Non-Customers Performing Transactions in the Branch
Identity information, contact information, CCTV records, financial data collected when you visit the facilities of our branch network and make transactions at the branches and the data provided by you are processed for the following purposes: depositing cash into the account; withdrawing cash from the account by instruction; loan payment; credit card payment; check/promissory note payment, receiving cash for the remittance to name; bill, tax, Social Security Institution payments; taking delivery of credit and debit cards; remittance to the customer’s account; writing off the customer’s account book at the branch; provision of our products and services; in order to ensure the security of the facility, taking video and controlling these records through the security cameras located in the branch, on the exterior of the building and ATMs, managing and recording the communication with HSBC.
2.3. Buyers of Insurance Products or Services
HSBC also provides our customers with intermediation activities regarding insurance products or services. The personal data of our customers utilizing our intermediary services is processed for the purposes of intermediating the insurance policy applications and the calculation of insurance premiums, intermediating the transmission of indemnity claims under the insurance policy to the insurer and their payment. We would like to emphasize that there will be insurance companies acting as the main data controller intermediaries in terms of insurance transactions such as risk and premium calculation, and indemnity payments. For more information regarding personal data processing within this regard, please take a look at the privacy noticies of the insurance companies we cooperate with.
2.4. Individuals Under Risk Group
In Article 49 of the Banking Law No. 5411, individuals constituting the “risk group” are defined. Accordingly, risk groups are composed of following individuals: in terms of real persons, the person himself/herself and his/her spouse and children, the undertakings where they are members of board of directors or general managers or the undertakings which they or a legal person control individually or jointly, directly or indirectly or participate in with unlimited responsibility; a bank’s qualified shareholders, board of directors’ members and general manager as well as the undertakings they control individually or jointly, directly or indirectly or participate in with unlimited responsibility or where they are members of board of directors or general managers; real and legal persons that have surety, guarantee or similar relationships where the insolvency of one will lead to the insolvency of the others. Banking Regulation and Supervision Agency also has the authority to identify other natural and legal persons to be included in the risk group. The personal data of the individuals within the scope of the risk group may be processed for the purposes of fulfilling our legal obligations, particularly as per the banking legislation; identifying the risk groups; determining the total loan amount that can be given to the individuals within the same risk group; conducting credibility assessments and managing the legal and financial risks faced by our Bank.
2.5. Persons who Secure or Guarantee for the Persons Utilizing a Product or Service
The personal data of individuals who provide guarantee or go surety for those who utilize our products or services is processed for the following purposes: Managing the legal and financial risks of our bank; Making necessary transactions to protect our rights in disputes to which our bank is a party; Offering our products and services and making credibility calculations; In the cases where the individual utilizing the products or services fails to pay or defaults on his/her debts, collecting the receivables of our Bank.
2.6. Event/Organization Participant
Photos or videos can be taken at the training sessions, seminars, events, invitations and other events organized by our bank. These visual records can be processed for the purposes of visually promoting the events organized by our bank for the public, providing information and/or raising awareness, and performing activities to enhance brand value and reputation of our Bank through advertising and promotion.
2.7. Supplier/Business Partner Connected and Related Officers/Employees
Your personal data, shared with us or disclosed in any public media by the legal entity to which you are an officer and/or employee and which is our supplier/Business partner through the business processes and transactions performed with our Bank, shall be collected. We process such information within the scope of our Bank’s risk management activities by drawing up and executing agreements with the relevant legal entity.
TRANSFER OF THE PERSONAL DATA
Your personal data can be shared with authorized agencies and organizations including but not limited to The Banks Association of Turkey Risk Center, Credit Reference Agency, Banking Regulation and Supervision Agency, Capital Markets Board, Central Bank of Turkey, Financial Crimes Investigation Board, Ministry of Treasury and Finance, Financial Crimes Investigation Board, Inter-Bank Card Center, Banking Association of Turkey, Central Registrar, law enforcement agencies, courts and enforcement directorates, domestic and international banks and clearing entities that provide intermediary/custody services for domestic and foreign currency and securities transfer, securities custody requests, and HSBC group companies (referring to HSBC Holdings plc and/or its affiliates, subsidiaries, joint ventures and any branches and offices thereof) in Turkey or overseas, third parties we serve as intermediaries and agents of, correspondent banks with which we cooperate, business partners, shareholders of our Company, service provider firms, vendors and support service providers and staff, officials, and subcontractors thereof, for the purposes specified in article 2 of the present NotificationText, within the framework of the provisions of the Law, covering the transfer of personal data within the country and abroad.
PERSONAL DATA COLLECTION METHODS AND THE LEGAL GROUNDS
Your personal data is collected on physical, written, verbal and electronic media, via the internet, phone, e-mail and mobile app, during your applications for products and services, visits to our head office, web site and branches, use of mobile app, ATM and online banking, and your calls with the call center, from you, The Banks Association of Turkey Risk Center, Credit Risk Center, the Identity Sharing System, legal entities that you are related and/or connected with, legal authorities and sources available to the public during the establishment and maintenance of the legal relationship with our Bank. The collected personal data is processed based on the following legal grounds stipulated in Articles 5 and 8 of the Law:
In case of personal data transferring to overseas countries, in addition to the abovementioned legal grounds, personal data can only be transferred abroad if the respective foreign country
WHAT ARE YOUR RIGHTS?
You have the following rights concerning your personal data, as per the provisions in Article 11 of the Law.
CONTACTING US FOR YOUR RIGHTS AND REQUESTS
You can either personally submit your requests to our branches in writing or send them through a notary public as per your legal rights. You can also send an e-mail to email@example.com using registered electronic mail (KEP) address, secure electronic signature, mobile signature, or to firstname.lastname@example.org using the electronic mail address previously reported to our Bank and registered in our systems.
The application must include (i) name, surname and, if in writing, signature; (ii) Republic of Turkey identification number for citizens of the Republic of Turkey, and nationality, passport number or, if any, identification number for foreigners; (iii) residential area or workplace address provided for correspondence; (iv) if any, electronic mail address, telephone and fax numbers provided for notification and (v) subject of the request.
Applications made within this scope are accepted following an identification verification by us, and your requests stated in the application are concluded as soon as possible and within 30 days at the latest depending on the type of requests.
THINGS YOU CAN HELP WITH
It is important that the personal data we keep about you should be correct and up-to-date. To this end, we kindly ask you to inform us of any change to your personal data using our abovementioned contact details.
If you share with our Bank any personal data not belonging to you, you should make sure that this NotificationText is referred to and read by them so that they can have knowledge about the use of their personal data.
If you would like to get further information regarding personal data you can always reach us via the abovementioned contact details or visit Personal Data Protection Agency’s website by clicking https://www.kvkk.gov.tr/.