Processing of Personal Data Clarification Text
1. Data Controller
Q Investment Bank A.Ş. (Q Investment Bank or the Company) attaches importance to the security of personal data. The activities subject to the processing of personal data are carried out in accordance with the Personal Data Protection Law No. 6698 (KVKK or the Law), secondary regulations and Personal Data Protection Board Decisions.
This Clarification Text has been issued by Q Investment Bank, as the Data Controller, to fulfill the disclosure obligation described in Article 10 of the Law and to inform the real persons whose data are processed, of their rights listed in Article 11 of the Law.
2. Purposes of Processing Your Personal Data
Personal data obtained by the company can be processed for the purposes listed below within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law;
Within the scope of the legal conditions of clause 5/2(a) of the Law "Explicitly stipulated in the laws" and clause 5/2(ç) of the Law "It is mandatory for the data controller to fulfill its legal obligation";
- Fulfilling obligations under all other legislation and secondary regulations, in particular the Banking Law No. 5411,
- Execution of legal processes to which our bank is a party,
- Providing necessary information in line with the requests and inspections of regulatory and supervisory institutions and other official authorities,
- Creation of audit and inspection reports,
- Performance of obligations within the framework of the know your customer principle,
- Planning information security processes,
- Planning and execution of operational and systemic infrastructure processes,
- Planning and management of our financial security and risk management processes,
- Execution of finance and accounting works.
Within the scope of the legal requirement of subparagraph 5/2(c) of the Law "It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract";
- Fulfilling the obligations arising from the contracts to which our bank is a party,
- Planning and execution of loan processes,
- Execution of collateral transactions,
- Execution of customer relationship management processes,
- Management of relations with business partners, suppliers and affiliates.
Within the scope of the legal condition of "Data processing is mandatory for the establishment, exercise or protection of a right", clause 5/2(e) of the Law;
- Informing customers,
- Conducting communication activities,
- Follow-up of Requests / Complaints
Within the scope of the legal requirement of paragraph 5/2(f) of the Law, "It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject";
- Protecting the legitimate interests of our bank,
- Intelligence gathering and evaluation for customers and potential customers
- Execution of our strategic planning activities
- Planning and execution of our corporate governance and sustainability activities
3. Recipient Groups To Which Your Personal Data Can Be Transferred And For What Purpose
Personal data obtained in accordance with the data processing purposes in accordance with the terms of transferring personal data specified in Articles 8 and 9 of the Law;
- In order to fulfill the legal obligations, the Banking Regulation and Supervision Agency, the Capital Markets Board, the Central Bank of the Republic of Turkey, the Financial Crimes Investigation Board, the Banks Association of Turkey Risk Center, T.R. Ministry of Finance, Revenue Administration, T.R. Ministry of Treasury and Finance, Social Security Institution, Credit Registration Office, Credit Guarantee Fund and other legally authorized public institutions and organizations and legally authorized private legal persons,
- Accounting, law etc. real persons and legal entities of private law (such as Independent accountant financial advisor, Chartered accountant, Law Office) in order to receive service support in matters of law,
- Independent Audit Firm for the purpose of carrying out risk management and internal audit activities,
- To business partners, shareholders, affiliates, suppliers, in order to carry out commercial activities,
- Companies that receive information technology support
4. Collection Method and Legal Justification of Your Personal Data
Personal data is completely and completely limited by our Company's business units, including contracts, application forms, our website, telephones, verbal communication, computers, registered e-mail, e-mail, electronic notification, fax, short message, limited, measured and in connection with Data Processing Purposes. or partially automatically or non-automatically, by written, verbal, electronic or other means and within the scope of the following subparagraphs of the second paragraph of the fifth article of the Law;
- 5/2 (a): expressly stipulated in laws
- 5/2 (c): It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract
- 5/2 (ç): Obligatory for the data controller to fulfill its legal obligation
- 5/2 (e): Data processing is mandatory for the establishment, exercise or protection of a right
- 5/2(f): Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
5. Retention Periods of Personal Data
Personal data is kept safely by taking the necessary precautions for the physical or electronic environment in which the data is stored, in accordance with the nature of the data and the periods stipulated in the relevant laws. At the end of these periods, personal data will be deleted, destroyed or anonymized ex officio or upon the request of the data owner in accordance with Article 7 of the KVKK.
6. Your Rights
- Learning whether your personal data is processed,
- If your personal data has been processed, requesting information about it,
- To learn the purpose of processing your personal data and whether they are used in accordance with the purpose,
- Knowing the third parties to whom your personal data is transferred, in the country or abroad,
- Requesting correction of your personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom your personal data has been transferred,
- Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist despite the fact that it has been processed in accordance with the Law and other relevant law provisions, and requesting that the process carried out within this scope be notified to the third parties to whom your personal data has been transferred,
- Objecting to this if a result arises against you by analyzing the processed data exclusively through automated systems,
- Requesting the compensation of the damage in case you suffer damage due to the unlawful processing of your personal data
You can submit your applications and requests regarding your rights listed above by filling out the Data Owner Application Forum published on our website and sending a wet-signed copy to Bayraklı Tower Mansuroğlu Mah. Ankara Cad. No:81/152 Kat:22 Bayraklı/İzmir in person or via a notary public or to our registered e-mail (kep) address.