Personal Data Protection and Processing
Personal data processing is a series of processes performed on personal data,
including personal data collection, recording, storage, modification,
rearrangement, disclosure, transfer, receipt, classification, and the blocking
of its use.
Yapı Kredi exercises the utmost care to ensure full compliance with the
Personal Data Protection Law No. 6698 ("Law"), which was ratified on March 24,
2016, and entered into force upon its publication in the Official Gazette on
April 7, 2016, as well as the regulations governing its implementation.
Committed to the highest standards in customer experience and satisfaction,
Yapı Kredi attaches great importance to the rights and liberties of its
customers. The Bank endeavors to ensure full compliance with the Law on the
Protection of Personal Data (LPPD) when processing personal data of all
individuals who are in a commercial relationship with the Bank, including
users of its products and services, and is committed to confidentiality and
the security of any such data.
The LPPD Compliance Department was established by the Board of Directors as a
result of the Bank's emphasis on confidentiality and building confidence in
its actions, and it reports to the Audit Committee. The Bank's efforts in this
context include ensuring compliance with the provisions of the
"Yapı ve Kredi Bankası Anonim Şirketi Corporate Policy on Personal Data
Protection and Processing," the
"Yapı ve Kredi Bankası Anonim Şirketi Corporate Policy on Employee Personal
Data Protection and Processing," and other regulations on personal data
protection. As part of its activities, the Bank conducts a risk-based
evaluation of issues related to data processing and confidentiality with
respect to the collected data. The Bank determines its personal data
protection strategy, internal controls and measures, operational rules, and
internal responsibilities based on this approach. The Bank also carries out
activities to raise awareness of personal data subjects and employees.
The Bank's personal data policies include protecting and processing the
personal data of:
- existing and potential customers,
- customer representatives and shareholders,
- natural person guarantors,
- employee and intern candidates,
- potential business partners,
- employees, shareholders, and executives of partners,
- potential contractors/suppliers/service providers,
- employees, shareholders, and executives of contractors/suppliers/service
providers,
- marketing campaign/competition participants,
- members of the press,
- family members and relatives of data subjects, and other relevant third
parties.
For the reasons specified in the relevant laws, legislation, and policies,
personal data is transferred to legally authorized public agencies, partners,
suppliers, shareholders, and affiliates. Yapı Kredi also
ensures that contracts with third parties include provisions for ensuring
compliance with statutory obligations under the LPPD. Furthermore, the Bank
acts in accordance with the Banking Regulation and Supervision Agency (BRSA)
obligations regarding data protection and processing when outsourcing
services.
Personal data subjects may contact Yapı Kredi in writing or through any
channel that allows verification of the data subject's identity, such as
registered email, secure email, secure e-signature, mobile signature, or the
data subject's e-mail address that is already registered in the Bank's systems,
to exercise the rights listed below:
- Inquire about whether their personal data has been processed,
- If their personal data has been processed, request information on the
processing,
- Learn the purpose of the processing of their personal data and whether their
data is used in accordance with the specified purpose,
- Request information on domestic and foreign third parties with whom their
data has been shared,
- Request correction in case the personal data processed is inaccurate or
incomplete, and that the action taken in this context be notified to the
third parties to whom the personal data is transferred,
- Request deletion or destruction of personal data that is lawfully processed
under the law and other applicable legislation in case the reason for
processing is no longer applicable, and that the action taken in this
context be notified to the third parties to whom the personal data is
transferred,
- Object to any result that is to their detriment as a result of an
exclusively automated analysis of their personal data,
- Claim compensation for the damages they might have suffered in the event
their personal data is processed in an unlawful manner.
Data security constitutes a major aspect of the Bank's obligations concerning
the personal data it processes. Accordingly, the Bank takes necessary
technical and administrative measures to prevent unlawful processing of, and
access to, personal data and to establish a sufficient level of security to
protect personal data. The Bank has also included effective and responsive
solution mechanisms against data breaches in its corporate plans and
procedures to inform and direct the necessary and adequate action in the event
of a breach. In the event of policy changes and revisions, the up-to-date
policies are communicated to the public via the Bank's corporate websites. All
Yapı Kredi employees, including the employees of Yapı Kredi affiliates, are
given annual training to ensure compliance with the Law and to raise awareness
about personal data protection practices.