DenizBank A.Ş only collects information it must due to legal legislation and also information that will enable it to provide the best services and products.

Our main approach is to handle customer data with secrecy, security and in line with customer wishes.

Customer information are private in terms of privacy terms of DenizBank and access to these data by DenizBank employees are regulated as per DenizBank Privacy Policies; customer data cannot be shared with any persons or institutions apart from obligatory situations stipulated in legislation.

For outsourcing services, there is always an article in signed agreements on customer data privacy and outsource companies and their personnel are required to obey secrecy and secret keeping rules determined as per DenizBank Privacy Policies.

Customer data can only be shared with other institutions upon customer request. We kindly request you to inform Açıkdeniz Telephone Banking through 0850 222 0 800 when you don’t wish to be notified by the Bank.

Customers are obliged to correctly identify themselves to access their information in the internet channels.

DenizBank respects your trust on condition that customer data security is ensured as per legal legislation.

DenizBank Security Group

Notification On Protection Of Personal Data

Taking into consideration the security of our valuable customers, we, as DenizBank A.Ş. (“Bank”), would like to inform you about “the Law on Protection of Personal Data” introduced for protecting the privacy of personal life, fundamental rights and freedoms.

Our objective is to provide you the most transparent information, for customer satisfaction purposes, on how your personal data is obtained, the purposes of processing such data, the related legal reasons and your rights.

In terms of all kinds of personal and biometric data, health data, corporate, commercial and other data, information and documents (“Data”), as per the Law on Protection of Personal Data No. 6698 which entered into force on 7th of April, 2016, DenizBank A.Ş., as Data Controller, may obtain, record, maintain, update personal data to continue its services within the scope of the law, reorganize and disclose, transfer and share data to/with third parties in cases and to the extent permitted by legislation, transfer, convey, share, classify, make anonymous and process the data in other formats prescribed in the law.

The purposes and legal reasons for processing your personal data include providing services that may be provided as agency under the Banking Law and other legislation, as well as providing, executing and improving all kinds of products and services related to banking, insurance and finance, carrying out promotion, marketing and campaigns for these products, fulfilling terms in agreements that are signed/shall be signed, carrying out intelligence, data research and credibility assessments, planning, statistics and customer satisfaction studies, maintaining security and complying with the liabilities of preserving, reporting, notifying the data set forth by anti-money laundering and national and international legislation, BRSA, CBRT, CMB, FCIB, Under-secretariat of Treasury and other authorized bodies to better serve our customers, develop suitable products and services and provide uninterrupted services.

Method of collecting personal data; your personal data may be collected automatically or manually, in writing or verbally or in electronic form through HQ units, branches, ATMs, kiosks, internet branches, call centers, parties that provide services that complete or extend the activities of public bodies and institutions and the Bank, contracted institutions and support services and other similar channels.

Persons/institutions to whom your personal data may be transferred for purposes stated above: your personal data may be shared with subsidiaries of our bank and their sub-institutions; employees, officers, legal, financial and tax consultants, auditors, consultants, institutions, parties the bank collaborates with to complete or extend services and support service companies and contracted offices including Credit Bureau and FINDEKS, card payment system companies including Europay INT.SA, Moneygram, Mastercard INT.INC, Visa INT, JCB INT, Maestro, Electron that are international or domestically established, BRSA, CMB, CBT, MASAK, Banks Association of Turkey, KOSGEB, income administration, under-secretariat of Treasury, SGK, ministries, authorized public bodies like judicial bodies, correspondent banks and domestic/foreign financial institutions and domestic/foreign merchants if necessary, persons, institutions and bodies that legislation including article 73/4 of Banking Law permits besides third parties to whom you explicitly give consent to.

Your rights as per article 11 of Law; By applying to our Bank, you have the right to a) query whether your personal data were processed, b) request information if your personal data was processed, c) learn the purpose of the processing of your personal data and whether it was used duly, ç) learn third parties domestic and abroad to whom your personal data was transferred, d) ask for the correction of any wrong or missing personal data, e) request the erasing or termination of your personal data as per terms given in article 7 of Law, f) request that the transactions done as per paragraphs (d) and (e) above by means of transferring your personal data to third persons be notified to you, g) object to any situation against your favor as your personal data are analyzed by exclusively automated systems and h) claim compensation for losses in case of any loss due to processing of your personal data by violation of Law.

Execution of your rights is possible after the enforcement date of the regulation which is 07.10.2016 and our rights are reserved to request costs to be incurred by our Bank to fulfill your requests from you as per tariff given in article 13 under Law on Protection of Personal Data entitled “Applying to data keeper.

Conditions that don’t require consent, as per paragraph 2 of article 5 of Law numbered 6698 on Protection of Personal Data, on condition that it is explicitly foresee in law and be directly linked to establishment or execution of an agreement; in cases when personal data belonging to agreement parties needs to be processed, data keeper DenizBank A.Ş is obliged to fulfill this legal obligation, when it is made public by the related person, data processing is obligatory to establish, use or protect a right, data processing is obligatory for the legal benefits of the Bank as the data keeper to not harm fundamental rights and freedom of persons and exemptions given in articles 73/4 in Banking Law, the Bank reserves the right to process the personal data without receiving explicit consent.

As per principle of clarity in texts that are published or disclosed or given in Laws, in order to fulfill Data that is obliged to be disclosed to public as per terms of Law or given in official registries or balance sheets and activity reports and for the Bank to fulfill legal obligations resulting from legislation; and/or data disclosure, usage and transfers aren’t subject to confidentiality obligation of the Bank in order to fulfill data transfer obligation to persons who may request the secrets due to legal reasons and/or Laws; and the bank is authorized to disclose and give to related persons, process and transfer said data without any need for a separate letter of consent.

Our Obligation of Confidentiality resulting from Law; as per article 42 of Law numbered 5411 on Banking and article 17 of Regulation on Terms and Conditions of Accounting Principles of Banks and Keeping Documents; it is a legal obligation to keep your information and documents in our bank for 10 years. If you request the deletion or termination of your personal data, your request shall be fulfilled at the end of 10 years. Even if the said times pass; your data might be made anonymous in line with legal benefits of the bank to conduct risk analysis and other banking analyses and assessments to help secure banking services improvement and safety further. Your personal data out of the scope mentioned above shall be deleted upon your request.