World Mobile Privacy Policy
As Yapı ve Kredi Bankası Anonim Şirketi (hereinafter referred to as “Yapı Kredi” or “Bank”), we would like to inform you about the processing of your personal data and other information and the permissions we collect through the Yapı Kredi World Mobile Application (hereinafter referred to as “the Application”), in order to improve your experience with some functions in our Mobile Application and to make you use our Mobile Application more easily during your use of our Mobile Application.
The use of our Mobile Application is carried out in accordance with the legislation we are subject to, in particular the Law No. 6698 on the Protection of Personal Data (“Law”).
Purposes and Legal Grounds for Processing Personal Data
The personal data collected within the scope of this Privacy Notice will be processed for the purposes (“Purposes”) and legal grounds set out below and within the scope of the personal data processing conditions and purposes specified in Article 5 of the Law.
Based on the ground that it is explicitly stipulated by law and it is mandatory for the data controller to fulfill its legal obligation;
- In order to fulfill the requests of official institutions, your identity, communication and transaction security data,
- In order to provide information to authorized institutions due to legislation, your identity, communication and transaction security data,
- In order to ensure compliance with the retention obligations stipulated in the legislation your identity, communication and transaction security data,
- In order to respond to data subject requests in accordance with the legislation and taking necessary actions your identity, communication and transaction security data,
- In order to fulfill our legal obligations arising from the legislation to which our Bank is subject your identity, communication and transaction security data,
- In order to determine whether there is malware on your mobile device within the scope of fulfilling our legal obligations your identity, communication and transaction security data may be processed.
Based on the legal ground that the processing of personal data of the parties to a contract is necessary, provided that it is directly related to the conclusion or performance of the contract;
- In order to carry out your membership to the Mobile Application, your identity, communication and transaction security data,
- In order for you to benefit from the products and services included in the Mobile Application, your identity, communication and transaction security data may be processed.
Based on the legal ground that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject;
- In order for our business units to carry out the necessary work and execute the relevant business processes for you to benefit from the products and services offered by our Bank through the Mobile Application your identity, communication and transaction security data,
- In order to plan and execute the commercial and/or business strategies of our Bank, your identity, communication and transaction security data
- In order to provide you with the relevant products and services within the scope of the permissions you have given on your device for the Mobile Application, your identity, communication and transaction security data may be processed.
As Yapı Kredi, in our Mobile Application, we obtain permissions through different functions for various purposes on the basis of different operating systems and process your personal data through these functions. The main purposes of these application permissions and collected data and application purposes are as follows:
| Required Permission |
Reason |
| Notifications |
This is the permission required to send push notifications. |
| Location |
It is the permission required to provide information about Geofence and nearby campaigns on the map. |
| Camera |
It is the permission required to perform QR Code operations and Profile Photo Capture functions. |
| Photo |
This is permission to select a profile photo from the gallery. |
| Application Refresh in Background |
This is the required permission for Geofence updates. |
| Required Permission |
Reason |
| Permission to Operate at Opening |
It is the permission required for mobile payment and Geofence functions to work. |
| Device ID and Call Information |
It is required for the Remember Me function to work. |
| Permission to run apps when the screen is locked |
This is the permission required for the mobile payment function to work when the screen is locked. |
| Internet access |
This is the permission required for the application to run. |
| Location |
It is the permission required to provide information about geofence and nearby campaigns on the map. |
| NFC Usage |
It is the permission required for NFC transactions used in mobile payment. |
| Photo/Media/File |
This is permission to select a profile photo from the gallery. |
| Camera |
It is the permission required to perform QR Code operations and Profile Photo Capture functions. |
| Prevent Entering Sleep Mode |
This is the permission required for the mobile payment function to work. |
Recipient Parties and Purposes for Transferring Personal Data
Your personal data collected in line with the fulfillment of the above-mentioned Purposes may be transferred to our business partners, affiliates, suppliers and shareholders within the scope of the establishment and performance of the contract and our legitimate interest, to legally authorized public institutions and legally authorized private persons within the scope of the establishment and performance of the contract and the fulfillment of our legal obligations, pursuant to the data processing conditions stipulated in Article 5 of the Law and in accordance with the rules regarding the transfer of personal data specified in Article 8 of the Law.
Method of the Collection of Personal Data
Your personal data is collected through our Mobile Application and internal Bank systems.
Rights of the Data Subject under Article 11 of the Law
We hereby declare that you are entitled to the following rights, regarding your personal data, set forth under Article 11 of the Law:
- To learn whether your personal data are being processed,
- To request information if your personal data have been processed,
- To learn the purpose of the processing of your personal data and whether they have been used accordingly,
- To learn which third parties domestic or abroad your personal data has been transferred to,
- To request rectification in case your personal data has been processed incompletely or inaccurately and to demand the operations in this regard be reported to third parties your personal data has been transferred to,
- To request deletion or destruction of your personal data within the framework of the conditions stipulated in the relevant legislation,
- To request the correction, deletion and destruction processes made in accordance with the relevant legislation be notified to the third parties to whom your personal data has been shared,
- To object to negative consequences to you that are concluded, as a result of analysis of the processed personal data through solely automatic systems,
- To demand compensation for the damages that you have suffered as a result of an unlawful processing of your personal data.
To exercise your rights listed above, you can submit your requests to our Bank;
- via our Branches with identity verification,
- via our Digital Channels or Call Center by performing identity verification,
- via notary public to Yapı Kredi Plaza D Blok Levent Istanbul,
- via secure electronic signature, to yapikredi@yapikredi.hs02.kep.tr,
- via your e-mail address registered in our Bank’s system.
The application must include the following;
- name, surname, and if the application is in writing, signature,
- for citizens of the Republic of Türkiye Turkish Republic identification number, for foreigners; nationality, passport number or identification number, if any
- residential or workplace address for notification,
- electronic mail address, telephone and facsimile number, if any
- subject of the request.
Your request will be concluded as soon as possible, within 30 days at the latest and in principle, free of charge. However, if the process requires additional costs, a fee may be demanded according to the tariff determined by the Personal Data Protection Board.
To be able to view PDF documents you must have Adobe Acrobat Reader installed.
Click here to install Adobe Acrobat Reader.
