This information is provided as per Article 10 of the Law No. 6698 on the “Protection of Personal Data” (the “Law”).
As HSBC Bank A.Ş. (“HSBC”), we continue our operations, both in the country and abroad, with the purpose of providing all the products and services indicated in the Banking Transactions Agreement (“Contract”) and contracts constituting the addenda to the Contract (“Addenda”) without any interruption. We adopt and implement the measures and rules necessary to ensure the confidentiality and security of the personal data we obtain from our valued customers in providing our products and services. HSBC aims to preserve this deserved confidence the Customers place in the Bank, by complying with these fundamental rules. HSBC complies completely with the restrictions and arrangements made in regards to the banking privacy, customer privacy and disclosure of personal details to the third parties within the framework of the Banking Law, Law on Protection of Personal Data, provisions of other related legislation and the Policy on the Confidentiality and Protection of Personal Data that includes the principles of great importance to HSBC Group, the parent company of our Bank and a long standing institution in the international financial sector.
This information contains details as to how your personal data used, whenever necessary, in providing of any and all kinds of services and products to you, our valued customers, under the Contract and the Addenda; such as basic banking services, investment services and custody services, insurance transactions is acquired, processed, shared, deleted, and/or destroyed. In cases where it is deemed necessary by our Bank or required by the legislation, further information will be provided.
Obligation of Disclosure:
Your personal data that is provided to HSBC either in person or by your representative or acquired through channels like SMS, www.hsbc.com.tr web site, internet banking, mobile banking, Contact Centre and ATMs in compliance with the law for purposes of providing you banking services/ products, is processed by us in the capacity of the “Data Supervisor” within the scope of the “Law on Protection of Personal Data”.
Within this framework, HSBC, as the Data Supervisor; will be able to keep a record of your personal data, update it for purposes of sustaining the banking services, share it with the 3rd parties (including the correspondent banks) both in the country and abroad including the HSBC Group (represents HSBC Holdings plc and/or its affiliates, subsidiaries, joint ventures and all their branches and offices and any mention of a “HSBC Group Member” bears the same meaning), classify and design the products and services provided by using the data you disclose for purposes of providing services specific and unique to you and process the data in the manner stated in the Law.
Method of Personal Data Collection:
Your personal data is collected through our headquarters or Branches, dealerships under contract and companies whose activities we perform in the capacity of their agents/intermediaries, stores under contract, member Business POS channels, companies providing contact centre services, applications made over the web site, direct banking services, internet branches, contact centres, written/digital applications made to the direct sales teams, online sales sites, all our mobile applications, SMS, ATMs, social media, customer interviews, scanning of judicial records, market intelligence, Identity Sharing System, Address Sharing System, SSI records, PTT, Interbank Card Centre and similar channels as well as any other channels that the Bank has used previously or would use in the future to contact its customers and the data gathered in this manner is maintained for periods prescribed in the law.
Furthermore, provided that it is applicable and allowed in Turkish legislation, HSBC and members of the HSBC Group may collect, use and share Customer Information (including relevant information about the Customer’s transactions, the Customer’s use of HSBC’s products and services, and the Customer’s relationships with the HSBC Group) . Customer Information may be requested directly from the Customer (or a person acting on the Customer’s behalf), or may also be collected by or on behalf of HSBC, or members of the HSBC Group, from other sources (including the publicly available information), generated or combined with other information available to HSBC or any member of the HSBC Group or the 3rd parties form whom HSBC receives services.
Purposes and Legal Reasons of Processing Personal Data:
The personal data of our valued customers is processed to be utilized in Banking operations and for purposes of providing the products and services of our Bank (including core banking services, investment services, custody services, insurance transactions and for other varied purposes), and establishing communication in regards to the products and services our customers have obtained/will obtain and provided that the customer’s permission is obtained, for purposes of using in marketing activities or offering and modelling products/services, reporting, scoring, risk monitoring, conducting intelligence, and studies in regards to the existing or potential products and determining potential customers by our Bank and our direct/indirect affiliates as well as for similar purposes.
In line with the following “Purposes” and to the extent permitted by Law, HSBC processes and transfers the personal data to the 3rd parties: (a) when providing services that are requested or permitted by the Customer, (b) to meet the Compliance Obligations, (c) when engaged in financial crime risk management activities, (d) when collecting any outstanding payments from the Customer, (e) in carrying out credit checks or in receiving/giving credit references, (f) for purposes of meeting the operational requirements within HSBC or HSBC Group (including without limitation for purposes of credit and risk management, system or product development/planning, insurance, auditing and management purposes), (g) to persons acting on behalf of the customer, payment recipients, beneficiaries, account applicants, intermediaries, correspondent and agent banks, clearing centres, clearing or payment systems, market parties, tax authorities, clearing or trading institutions, stock exchanges, companies that the customer holds shares of (if the shares are in the safekeeping of HSBC), (h) in connection with any and all HSBC company transfer, company sale, company merger or company acquisition transaction, (i) for purposes of maintaining the general relationship of HSBC with the Customer (including the marketing and introduction of the products and financial services that the Customer might be interested in and conducting market surveys), and/or when it becomes necessary due to legal obligations and justified reasons.
The personal data shared with local official authorities as indicated in this document under sub-title “Persons/Institutions to Whom the Personal Data Processed by HSBC Might Be Transferred”, is being processed in compliance with the purpose of meeting the requirements of the Banking, Taxation, FCIB(Financial Crimes Investigation Board), SSI legislations and any other legislation related to the banks.
Our Bank shall not use your personal data for purposes other than processing and shall not disclose and/or transfer this data to the 3rd parties without your consent or in the absence of a reason prescribed in the applicable law. The foregoing sentence does not cover the information required to be shared with the state institutions and organizations and/or judicial authorities as per the legislation.
Your information is eliminated in compliance with the relevant arrangements, upon expiry of the retention periods prescribed in the legislation and legal regulations.
* “Compliance Obligations”: Provided that it is applicable in Turkish Law, these indicate the obligations of any member of HSBC Group to comply with the following; (a) any and all the applicable domestic and foreign laws, by-laws, regulations, circulars, communiqués, court decisions, decrees, regulatory decisions, directives, sanctions, court orders, all kinds of agreements that have been executed between any member of HSBC Group and a competent authority, an agreement or a pact executed between competent authorities to be valid on HSBC or a member of HSBC Group (“Laws”) or international guidelines or intra-company policies and procedures; (b) any (valid) request made by competent authorities, reporting required by laws, reporting and disclosure obligations for purposes of regulating commerce or other obligations, and (c) arrangements requiring HSBC to confirm the identities of its customers.
Individuals / Institutions to whom Personal Data Processed by HSBC might be transferred:
Subject to the legal requirements and within the legal limitations, your personal data will be transferred to the administrative and official authorities who are legally required to receive the data, to the credit reference agency, Interbank Card Centre, Risk Centre of the Banks Association of Turkey, our Bank’s main shareholder and its direct and indirect shareholders, HSBC Group members, foreign and domestic affiliates of HSBC, companies for whom HSBC acts in the capacity of an agent/intermediary, domestic-foreign third parties from whom our Bank obtains support services or services, under circumstances prescribed in the law, to independent audit firms, institutions to whom transfer of information is allowed in the Banking Law, Banking Regulation and Supervision Agency, Capital Markets Board, Central Bank of the Republic of Turkey, FCIB(Financial Crimes Investigation Board), Undersecretariat of Treasury, the correspondent banks we do business and cooperate with for purposes of conducting our operations and providing banking services, and to similar legal entities.
Rights of Our Clients under the Framework of Article 11 of the Law:
Contacting HSBC, you have the right to: a) learn whether or not your personal data have been processed; b) request information if your personal data have been processed; c) learn the purpose of processing your personal data and whether or not they are used for the purposes intended; d) know the third parties to whom your personal data have been transferred abroad; e) request correction for your personal data which have been missing / incorrectly processed; f) ask for deletion / disposal of your personal data under the terms of Article 7 of the Law; g) ask for notification to the third parties to whom your personal data have been transferred of any transactions made as per subparagraph (e) and (f) listed above; h) appeal to any results against you due to the analysis of your personal data exclusively by automated systems; and i) ask for indemnification for any losses you have suffered if your personal data have been processed in violation of the laws.