NOTIFICATION ON THE PERSONAL DATA PROTECTION

PRIVACY NOTICE ON THE PROTECTION OF PERSONAL DATA

Your information security is among our priorities as HSBC Bank A.Ş. (“HSBC” or the “Bank”). In this respect, we would like to inform you about the processing of personal data by our Bank pursuant to and under the Personal Data Protection Law no. 6698 (“Law”) enacted in order to protect the fundamental rights and freedoms and personal data of individuals.

  1. IDENTITY OF DATA CONTROLLER

    HSBC Bank A.Ş. acts as the “Data Controller” under the Law. You may reach us by using the following contact information:

    Address: Esentepe Mah. Büyükdere Cad. No: 128 34394 Şişli / Istanbul

    MERSIS No: 0621002428200197

    Registry No.: Istanbul Trade Registry Office - 268376

    Internet Web Site: www.hsbc.com.tr/

  2. PURPOSES AND LEGAL GROUNDS FOR PROCESSING OF PERSONAL DATA

    As a part of your relations with our Bank, your personal data are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

    The following purposes may vary depending upon your relations with our Bank, and the products and services you receive, or the status of consent for processing of your personal data. In line with your relations with our Bank, in addition to the following purposes, you may also review and check the purposes of processing described in the following sub-headings:

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

Risk management

Transaction security

Client transactions

Finance

Professional experience

  • Performance of our contractual and legal obligations fully and as required;
  • Compliance with both national and international principles and rules, and performance of our information storage, reporting and information obligations arising out of the laws or stipulated and imposed by official authorities;
  • For the sake of client, Bank and data security purposes, to carry out identification steps and procedures, and controls aiming to prevent money laundering, bribery, fraud and other financial crimes and related sanctions, and to record and report the results of such controls, and to send and deliver suspicious transaction notifications;
  • To meet the requests of official bodies and authorities relating thereto;
  • To plan, supervise, audit and perform information security processes;
  • To make the banking services fit and convenient for access and use by the disabled clients;
  • To conduct reporting, audit and supervision activities;
  • To perform creditworthiness assessments, and to monitor, follow up and check the credit monitoring and repayment processes;
  • To prepare account extracts and investment extracts and send them to clients, and to record the voice calls;
  • To manage the legal, financial, commercial, compliance and reputation risks;
  • To assess and reply advices, suggestions, requests and complaints transmitted by any types of channels whatsoever;
  • To follow up the financial and accounting operations and to issue financial and commercial reports; and
  • Within the frame of provisions of the Banking Law no. 5411, to exchange information with the specified bodies and authorities, banks, prospective buyers or risk centre; and to prepare and issue the consolidated financial statements of parents; and to conduct and manage the risk management and internal audit practices; and to carry out the assessments needed for sale of the Bank’s assets, including the loans, or sale of securities issued in reliance thereupon; and to perform valuation, rating or support services; and to conduct independent audit activities and service purchases relating thereto.

Based on the legal grounds: (i) processing is mandatory for the Bank to comply with its legal obligations as a data controller, and (ii) processing is explicitly stipulated by law

Identity

Contact

Risk management

Client transactions

Finance

Professional experience

  • To conduct banking operations and transactions; and to carry out correspondent banking activities;
  • To offer products and services through internet banking and mobile applications;
  • To offer our products and services within the frame of banking, finance, investment and portfolio management, and fulfil instructions given by you in respect of our products and services, and transfer money, foreign currency, gold and similar other securities, and effect payment operations and transactions; and
  • To affect international money and fund transfers, and process any payment claims and objections in respect of credit card transactions performed abroad, and make collections of foreign cheques.

Based on the legal ground: processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract

Identity

Contact

Risk management

Client transactions

Requests and complaints

Auditory information

Marketing

Finance

Professional experience

  • To conduct improvement works and activities in respect of advices, suggestions, requests and complaints transmitted by any types of channels whatsoever, and comply with quality standards pertaining to client services, and to this end, take voice records of calls effected through call centre, and if and when needed, ensure that said records are listened and analyzed by our authorised units;
  • To follow up the financial and accounting operations and to issue financial and commercial reports;
  • To carry out client relations activities and operations;
  • To analyse how our services are used by you, and then, develop our products and services in line with results of such analyses;
  • To assure the continuity of security and operations, and effect activity and operational analyses, improvements and performance measurements;
  • To conduct and handle social responsibility activities also involved in by our Bank;
  • To manage and record all and any communications with our Bank;
  • To perform efficiency and expediency analyses of our commercial activities, and plan and carry out these activities and operations;
  • To effect controls aiming to prevent money laundering, bribery, fraud and other financial crimes and related sanctions;
  • To manage legal, financial, commercial, compliance and reputation risks; and
  • To perform market researches and segmentation activities.

Based on the legal ground: processing is mandatory for the legitimate interests of our Bank as data controller, provided that the fundamental rights and freedoms of the related person are not prejudiced or harmed

Identity

Contact

Risk management

Legal transactions

Requests and complaints

Client transactions

Auditory information

Finance

Professional experience

  • Contract management, and conduct of legal transactions, and monitoring of legal processes;
  • To plan and/or perform the activities relating to creation, maintenance and/or release or cancellation of guarantees; and
  • To manage our Bank’s legal, financial, commercial, compliance and reputation risks; and take actions needed for protection of our rights in disputes we are involved in.

Based on the legal ground: processing is mandatory for the establishment, exercise or protection of a right

Identity

Contact

Risk management

Finance

Client transactions

Health

Professional experience

  • As a part of marketing, promotion and advertisement activities, if permitted by you, to create and offer tailormade products, campaigns and proposals designed specially for you; and determine and offer products or services you may be interested in or you may need and request; and
  • To make the banking services fit and convenient for access and use by the handicapped clients.

Your explicit consent

2.1. If you are Related or Associated Natural Person Representatives, Shareholders or Employees of Legal Entity Clients:

Your personal data may be obtained by our Bank if and to the extent shared directly with us or published in the public channels by the legal entity which you are related to and/or associated with and which is our client in respect of the transactions and operations entered into with our Bank by the legal entity you are related to or associated with.

Accordingly, your personal data are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

Risk management

Finance

  • Performance of our contractual and legal obligations fully and as required;
  • Compliance with both national and international principles and rules, and performance of our information storage, reporting and information obligations arising out of the laws or stipulated and imposed by official authorities;
  • For the sake of client, Bank and data security purposes, to carry out identification steps and procedures and controls aiming to prevent money laundering, bribery, fraud and other financial crimes and related sanctions, and to record and reports the results of such controls, and to send and deliver suspicious transaction notifications;
  • To meet the requests of official bodies and authorities relating thereto;
  • To plan, supervise, audit and perform information security processes;
  • To conduct reporting, audit and supervision activities;
  • To perform creditworthiness assessments, and to monitor, follow up and check the credit monitoring and repayment processes;
  • To offer the corporate credit card product, and in this aspect, to prepare and issue account extracts, and send them to clients and other related persons;
  • To prepare account extracts and investment extracts and send them to clients, and to record the voice calls;
  • To manage the legal, financial, commercial, compliance and reputation risks;
  • To assess and reply advices, suggestions, requests and complaints transmitted by any types of channels whatsoever;
  • To follow up the financial and accounting operations and to issue financial and commercial reports; and
  • Within the frame of provisions of the Banking Law no. 5411, to exchange information with the specified bodies and authorities, banks, prospective buyers or risk centre; and to prepare and issue the consolidated financial statements of parents; and to conduct and manage the risk management and internal audit practices; and to carry out the assessments needed for sale of the Bank’s assets, including the loans, or sale of securities issued in reliance thereupon; and to perform valuation, rating or support services; and to conduct independent audit activities and service purchases relating thereto.

Based on the legal grounds: (i) processing is mandatory for the Bank to comply with its legal obligations as a data controller, and (ii) processing is explicitly stipulated by law

Identity

Contact

Risk management

Finance

  • To conduct banking operations and transactions; and to carry out correspondent banking activities;
  • To offer products and services through internet banking and mobile applications; and
  • To offer our products and services within the frame of banking, finance, investment and portfolio management, and fulfil instructions given respect of our products and services by the legal entity you are related to or associated with.

Based on the legal ground: processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract

Identity

Contact

Risk management

Finance

  • To conduct improvement works and activities in respect of advices, suggestions, requests and complaints transmitted by any types of channels whatsoever, and comply with quality standards pertaining to client services, and to this end, take voice records of calls directed to our Bank, and if and when needed, ensure that said records are listened and analyzed by our authorised units;
  • To follow up the financial and accounting operations and to issue financial and commercial reports;
  • To carry out client relations activities and operations;
  • To analyse how our services are used by you, and then, develop our products and services in line with results of such analyses;
  • To assure the continuity of security and operations, and effect activity and operational analyses, improvements and performance measurements;
  • To conduct and handle social responsibility activities also involved in by our Bank;
  • To manage and record all and any communications with our Bank;
  • To perform efficiency and expediency analyses of our commercial activities, and plan and carry out these activities and operations;
  • To effect controls aiming to prevent money laundering, bribery, fraud and other financial crimes and related sanctions; and
  • To manage legal, financial, commercial, compliance and reputation risks.

Based on the legal ground: processing is mandatory for the legitimate interests of our Bank as data controller, provided that the fundamental rights and freedoms of the related person are not prejudiced or harmed

Identity

Contact

Risk management

Finance

  • Contract management, and conduct of legal transactions, and monitoring of legal processes;
  • To plan and/or perform the activities relating to creation, maintenance and/or release or cancellation of guarantees; and
  • To manage our Bank’s legal, financial, commercial, compliance and reputation risks; and take actions needed for protection of our rights in disputes we are involved in.

Based on the legal ground: processing is mandatory for the establishment, exercise or protection of a right

Identity

Contact

Risk management

Finance

  • To communicate in respect of the products or services you may be interested in or you may need and request.

Your explicit consent

2.2. If you are Branch Visitors or are Transacting with a Branch Without Being a Client of our Bank:

In the case of your visits to campuses of our branch network, and in respect of transactions entered into by you in our branches, your identity data, contact data, CCTV records, financial data and other data disclosed by you are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

Finance

  • Depositing of cash in account, withdrawal of cash from account, loan repayments, and credit card debt payments;
  • Payment of checks/promissory notes, and collection of remittances to name in cash;
  • Receipt of invoices, and tax and Social Security Agency payments, and credit cards and debit cards;
  • Remittances made in the name and account of client;
  • To have the client’s pass book printed in the branch; and
  • To offer our products and services.

Based on the legal ground: processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract

Identity

Contact

Finance

Audiovisual physical location security information

  • For the sake of security of facilities and premises of our Bank, to take, control and supervise imagery records through security cameras installed inside the branch, on building facades and in ATMs; and
  • To manage and record all and any communications with HSBC.

Based on the legal grounds: (i) processing is mandatory for the Bank to comply with its legal obligations as a data controller, (ii) processing is explicitly stipulated by law, and (iii) processing is mandatory for the legitimate interests of our Bank as data controller, provided that the fundamental rights and freedoms of the related person are not prejudiced or harmed

2.3. If you are Buyers of Insurance Products or Services:

We, as HSBC, are also providing you, our Clients, with brokerage activities for insurance products or services.

Accordingly, your personal data are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

Legal transactions

Risk management

Finance

  • To act as a broker in applications for insurance policies and in premium calculations thereof; and
  • To act as a broker in submission to insurance firm of any claims filed under insurance policy, and in payment of claims thereunder.

Based on the legal ground: processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract

Identity

  • To perform and carry out the legal identity verification processes.

Based on the legal ground: processing is mandatory for the Bank to comply with its legal obligations as a data controller,

Identity

Contact

Marketing

Client transactions

Risk management

Finance

  • To determine insurance products fit to and convenient for our banking clients, and to this end, to establish communication with them.

Your explicit consent

We would like to remind you that the insurance firms will themselves directly act as data controller with regard to such insurance transactions as calculation of risks and premiums and payment of claims thereunder. Therefore, if you wish to get more detailed information about processing of your personal data, you may review and read privacy notices/policies published by insurance firms we are in cooperation with.

2.4. If you are Persons Included in Risk Group:

Article 49 of the Banking Law no. 5411 defines persons included in “risk group” as follows: As for real persons, the real person and his/her spouse and children, the undertakings where they are members of board of directors or general manager or the undertakings which they or a legal person control individually or jointly, directly or indirectly or participate with unlimited responsibility, constitute a risk group. As for a bank, the bank and its qualified shareholders, members of board of directors, and general manager as well as the undertakings they control individually or jointly, directly or indirectly or participate with unlimited responsibility or where they are members of board of directors or general manager constitute a risk group including the bank. For the implementation of this article, risk groups shall also include real and legal persons which have surety, guarantee or similar relationships where the insolvency of one will lead to the insolvency of the other. In addition, the Banking Regulation and Supervision Board is authorized to determine other real and legal persons included in a risk group.

Personal data of persons included in a risk group are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

Risk management

Finance

  • To perform our legal obligations arising of applicable laws, especially the banking laws and regulations;
  • To determine and identify risk groups;
  • To determine total loan amount that may be made available to persons included in the same risk group;
  • To perform creditworthiness assessments; and
  • To manage legal and financial risks of our Bank.

Based on the legal grounds: (i) processing is mandatory for the Bank to comply with its legal obligations as a data controller, and (ii) processing is explicitly stipulated by law

2.5. If you are Persons Acting as a Guarantor or Giving Guarantees in Favour of Product or Service Buyers:

Personal data of those acting as a guarantor or giving guarantees in favour of buyers and users of our products or services are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

Legal transactions

Risk management

Finance

  • To manage our Bank’s legal and financial risks;
  • To take actions for protection of our rights in disputes involved in by our Bank as well;
  • To offer our products and services and conduct creditworthiness calculations;
  • If the buyer of products or services fails to repay its debts owed to our Bank or becomes insolvent, to take actions for recovery and collection of outstanding debts owed to our Bank.

Based on the legal grounds: (i) processing is mandatory for the Bank to comply with its legal obligations as a data controller, and (ii) processing is explicitly stipulated by law, (iii) processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract, and (iv) processing is mandatory for the establishment, exercise or protection of a right

2.6. If you are Participants/Attendees of an Activity/Organisation:

Photographes or videos may be shooted during trainings, seminars, activities, invitations and organisations organised and held by our Bank.

Accordingly, your personal data are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Audiovisual records

  • To visualize the activities organised and held by our Bank for the sake of public promotion, information and/or increase of awareness thereof; and
  • To perform our Bank’s promotion and advertisement activities, and activities aimed at increasing its brand value and reputation.

Based on the legal ground: processing is mandatory for the legitimate interests of our Bank as data controller, provided that the fundamental rights and freedoms of the related person are not prejudiced or harmed

2.7. If you are Related and Associated Directors/Employees of Suppliers/Business Partners:

Your personal data may be obtained by our Bank if and to the extent shared directly with us or published in the public channels by the legal entity which you are related to and/or associated with and which is our supplier/business partner in respect of the transactions and operations entered into with our Bank by the legal entity you are related to or associated with.

Accordingly, your personal data are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

  • To enter into agreements with the related legal entity, and perform such agreements

Based on the legal ground: processing is mandatory for the legitimate interests of our Bank as data controller, provided that the fundamental rights and freedoms of the related person are not prejudiced or harmed

Identity

Contact

Risk management

  • To perform our Bank’s risk management activities

Based on the legal ground: processing is mandatory for the Bank to comply with its legal obligations as a data controller,

2.8. If you are Helping the Banking Transactions of a Disabled Prospective Client:

In the course of negotiations held by our Bank with our disabled prospective clients, if deemed necessary, we may request assistance from a third party. For the purpose of identification of said disabled individuals in regard to their transactions and relations with our Bank, your personal data are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Video records

  • To make the banking services fit and convenient for access and use by the disabled clients;
  • For the sake of client, Bank and data security purposes, to carry out identification steps and procedures, and controls aiming to prevent money laundering, bribery, fraud and other financial crimes and related sanctions, and to record and report the results of such controls, and to send and deliver suspicious transaction notifications; and
  • To meet the requests of official bodies and authorities relating thereto.

Based on the legal grounds: (i) processing is mandatory for the Bank to comply with its legal obligations as a data controller, and (ii) processing is mandatory for the legitimate interests of our Bank as data controller, provided that the fundamental rights and freedoms of the related person are not prejudiced or harmed

  1. TRANSFER OF PERSONAL DATA

    As a part of your relations with our Bank, your personal data are processed by our Bank for the following purposes and in reliance upon the legal data processing conditions cited below (“legal grounds”):

Personal Data Categories

Personal Data Processing Purposes

Legal Grounds

Identity

Contact

Risk management

Finance

Professional experience

Such legal grounds as submission of legal reports and information to legally authorized public authorities and bodies, and conduct of regulation and supervision activities, and management of complaint and other legal processes, etc.:

  • The Banks Association of Türkiye Risk Centre
  • Kredi Kayıt Bürosu A.Ş. (Credit Reference Agency)
  • Banking Regulation and Supervision Agency
  • Capital Markets Board
  • The Central Bank of the Republic of Türkiye
  • Financial Crimes Investigation Board
  • Ministry of Treasury and Finance
  • Financial Crimes Investigation Board
  • The Central Bank of the Republic of Türkiye
  • Interbank Card Centre
  • The Banks Association of Türkiye
  • Merkezi Kayıt Kuruluşu A.Ş. (Central Registry Agency)
  • Other authorised public authorities and bodies
  • Security forces
  • Courts and execution offices

Based on the legal grounds: (i) processing is mandatory for the Bank to comply with its legal obligations as a data controller, and (ii) processing is explicitly stipulated by law

Identity

Contact

Professional experience

  • For and in the course off know-your-customer activities, to carry out identification steps and procedures, and controls aiming to prevent money laundering, bribery, fraud and other financial crimes and related sanctions, and to record and report the results of such controls, and to send and deliver suspicious transaction notifications;

Based on the legal ground: processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract

Identity

Contact

Risk management

Finance

In the case of requests for local and foreign money and securities transfers and for custody of securities, for the sake of such transfers:

  • Local and foreign banks and clearing houses acting as a broker in transfer/offering custody services

Based on the legal ground: processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract

Identity

Contact

Risk management

Finance

Requests and complaints

Client transactions

For the data processing purposes stated under the heading 2.3:

  • Third parties for whom we act as a broker or as an agency

For correspondent banking activities:

  • Correspondent banks we are in cooperation with

Based on the legal ground: processing of the contractual parties’ data is necessary, provided that such processing is directly related to the establishment of a contract or performance of a contract

Identity

Contact

Risk management

Finance

Professional experience

For reporting, supervision and audit activities and for creditworthiness assessments:

  • Local and foreign HSBC group companies (refers to HSBC Holdings plc and/or its affiliates, subsidiaries, joint ventures and all of their branches and offices)
  • Shareholders of our Company
  • Such business partners as public accountant and audit firms

Your personal data are also shared with service providers, suppliers and support service providers and their employees, directors and subcontractors for the following purposes:

  • Preparation and execution of loan agreement in reliance upon your loan request;
  • To offer our products and services through internet banking and mobile applications;
  • To conduct client relations activities;
  • To analyse how our services are used by you, and then, develop our products and services in line with results of such analyses; and assure the continuity of security and operations;
  • To effect activity and operational analyses, improvements and performance measurements;
  • To manage and record all and any communications with our Bank;
  • To perform efficiency and expediency analyses of our commercial activities, and plan and carry out these activities and operations, and to this end, carry out marketing, promotion, publicity and gift sending activities, and perform market surveys and researches, and in this aspect, if your prior consent is taken, to send electronic commercial messages to you, and create tailormade products or campaigns specifically for you; and conduct general and tailormade segmentation activities; and determine and advise products or services you may be interest in or you may need and request.

Based on the legal ground: processing is mandatory for the legitimate interests of our Bank as data controller, provided that the fundamental rights and freedoms of the related person are not prejudiced or harmed

  1. METHODS OF COLLECTION OF PERSONAL DATA

    Your personal data are collected from you, the Banks Association of Türkiye Risk Centre, Kredi Kayıt Bürosu A.Ş. (Credit Reference Agency), Identity Sharing System, legal entities you are related to and/or associated with, legal authorities and public sources at the time of establishment of your legal relations with our Bank or in the course of said relations, as well as via internet, by telephone or e-mail, through mobile applications, and through physical, written, verbal and electronic channels during your applications for products and services, and your visits to our head offices, internet web site and branches, and your use of mobile applications, ATM, internet banking and telephone banking, and your calls to call centre.

    Where your personal data are transferred abroad, apart from the legal grounds listed in the table relating to said transfer, your personal data may be transferred abroad, providing that:

    • The foreign country to which your personal data will be transferred provides an adequate level of protection; or
    • In the absence of an adequate level of protection, HSBC and the data controller seated in the related foreign country to which your personal data will be transferred give a written commitment for adequate level of protection, and obtain prior consent of the Personal Data Protection Board; or
    • Your explicit consent is received for transfer of your personal data abroad.
  2. WHAT ARE YOUR RIGHTS?

    Pursuant to the provisions of Article 11 of the Law, you have the following rights in respect of your personal data:

    • To learn whether your personal data are processed or not; and
    • If your personal data are processed, to request information thereabout; and
    • To learn the purpose of processing of your personal data, and whether your personal data are used for the intended purposes or not; and
    • To learn the identity of third parties to whom your personal data are transferred in Türkiye or abroad; and
    • If your personal data are processed incompletely or inaccurately, to request completion or correction of them; and
    • To request deletion or destruction of your personal data; and
    • If your personal data are corrected, deleted or destroyed, to request notification of these transactions to third parties to whom your personal data are transferred; and
    • To raise objections against any consequences that may arise in disfavour of you as a result of analysis of the processed data solely and exclusively through automatic systems; and
    • To claim indemnification of your damages and losses, if any, incurred due to illegal or unlawful processing of your personal data.
  3. IF YOU WISH TO CONTACT US FOR YOUR RIGHTS AND REQUESTS:

    As per your legal rights, you may communicate your requests in writing to our branches either personally or via a notary public. In addition, you may transmit your requests to the address of hsbcbank@hs04.kep.tr by using your registered electronic mail (REM) address, secure electronic signature or mobile signature, or to kvkkiletisim@hsbc.com.tr address by using the electronic mail address previously advised to our Bank and registered in our systems. Furthermore, in order to use your legal rights, you may reach us through telephone banking by calling 0850 211 0 111.

    Your application must contain: (i) name and surname, and if the application is in writing, signature; and (ii) for nationals of the Republic of Türkiye, T.R. identity number, and for foreigners, nationality, passport number or if any, identity number; and (iii) place of residence or office address for notification purposes; and (iv) if any, electronic mail address, telephone and facsimile numbers for notification purposes; and (v) subject of the request.

    Your applications filed as cited in the preceding paragraphs will be accepted by us after completion of verification of your identity by us, and your requests expressed in your application will be fulfilled and responded as soon as possible and in any case, within 30 days thereafter, depending on the kind and type of requests.

  4. WHAT YOU MAY DO:

    It is essentially important to make sure that your personal data kept by us are true, accurate and correct. For this reason, in the case of a change in your personal data, please advise us by using our contact information given above.

    In the event that you share with our bank any personal data not belonging to you, you are required to send this Privacy Notice to owners of such personal data and to make sure that they read this Notice, so that they are duly informed about use of their personal data.

    If you want to get more detailed information about personal data, you may at all times reach us by using our contact information given above, or you may visit the internet web site of the Personal Data Protection Authority by clicking https://www.kvkk.gov.tr/ link.