At HSBC Bank A.Ş. (“HSBC” or the “Bank”), the information security of our Customers is one of our top priorities. In this respect, we would like to inform you about personal data processed by our Bank in accordance with the Law On the Protection of Personal Data No. 6698 (“Law” made in order to protect the fundamental rights and freedoms of persons, as well as to protect personal data.
1. IDENTITY OF DATA CONTROLLER
Under the law, HSBC Bank A.Ş. acts as a “Data Controller”. You can contact us using the contact details provided below:
Address: Esentepe Mah. Büyükdere Cad. No: 128 34394 Şişli / Istanbul
MERSİS No: 0621002428200197
Registration No: Istanbul Trade Registry Office - 268376
Website: www.hsbc.com.tr/
2. PURPOSES OF AND LEGAL GROUND FOR PERSONAL DATA PROCESSING
Your personal data are processed for the purposes as set out below and in accordance with legal terms of data processing (“legal ground”) as part of the processes regarding personal lending products with our Bank:
Personal Data Categories |
Purpose of Processing Personal Data |
Legal Ground |
Identity
Communication
Customer transaction
Risk management
Finance
Professional experience |
- Authentication to ensure the security of customers, Bank and data; carrying out, recording and reporting controls regarding money laundering, bribery, fraud, financial crime and sanctions, raising suspicious activity reports
- Exchanging information with institutions and organizations, banks, prospective buyers or risk center stipulated within the framework of the provisions of the Banking Law No. 5411, drawing up consolidated financial statements of the main partnerships, executing risk management and internal audit activities, executing valuation activities to sell Bank assets or securities based on them, including but not limited to loans, executing valuation, rating or assistance services, executing independent audit activities and service purchases
|
Based on the legal ground that processing is required in order for the Bank to fulfill its legal obligation as the data controller |
Identity
Communication
Risk management
Customer transaction
Finance
Professional experience |
- Arrangement and execution of the banking transactions agreement pursuant to your credit card and limit increase request
- Performing customer due diligence and retail onboarding system evaluations
- Determining and negotiating the conditions of credit card and limit increase
- Provision of credit card services/transactions through online banking and our mobile application
|
Based on a legal ground that requires processing of personal data belonging to the agreement parties, provided that it is directly related to the execution and fulfilment of an agreement |
Identity
Communication
Customer transaction
Risk management
Finance
Professional experience |
- Contract management, initiating legal transactions and following up on legal processes, conducting debt follow-up through contracted law firms and/or performing transfer of receivables to the asset management company
- Managing the legal, financial, commercial, compliance and reputational risks faced by our Bank, taking necessary steps to protect our rights in disputes to which we are a party
|
Based on a legal ground that requires data processing to establish, exercise or protect a right |
3. TRANSFER OF THE PERSONAL DATA
Your personal data are transferred for the below mentioned purposes and in accordance with legal terms of data processing (“legal ground”) as part of your loan processes with our Bank:
Personal Data Categories |
Persons/Organizations on the Receiving End and Purposes of Transfer |
Legal Ground |
Identity
Communication
Risk management
Customer transaction
Finance
Professional experience |
To judicial authorities and public institutions and organizations that are legally authorized to receive information, for legal reasons such as legal reporting, carrying out regulation and supervision activities and managing complaints and legal processes:
- The Banks Association of Turkey Risk Center
- CBRT Central Bank
- Credit Reference Agency (Kredi Kayıt Bürosu A.Ş.)
- Banking Regulation and Supervision Agency
- Capital Markets Board
- Ministry of Treasury and Finance, Financial Crimes Investigation Board, Revenue Administration
- Interbank Card Center
- The Banks Association of Turkey
- Courts, Execution Offices and Consumer Arbitration Committees
- Identity Information Sharing System, Address Based Registration System, e-sequestration system, e-pledge system
- PTT
- Other authorized bodies and organizations
|
It is required in order for the Bank to fulfill its legal obligation and it is clearly set forth in the laws |
Identity
Communication
Risk management
Customer transaction
Finance
Professional experience |
For the purpose of following financial and accounting transactions, generating financial and business reports,
- Shareholders of our company
- Authorized business partners such as financial advisors and auditing companies
Contract management, initiating legal transactions and following up on legal processes, conducting debt follow-up through contracted law firms and/or performing transfer of receivables to the asset management company
- Business partners
- Law firms, parties providing collection services to us
Arrangement and execution of the banking transactions agreement pursuant to your credit card and limit increase request;
- Companies providing services to us, suppliers and support service provider companies and their employees, authorized persons and subcontractors
For the purpose of providing products and services through online banking and our mobile application:
- Companies providing services to us, suppliers and support service provider companies and their employees, authorized persons and subcontractors
|
Data processing is necessary for the legitimate interests of the Bank, provided that no harm is caused to the fundamental rights and freedoms of the relevant person |
4. PERSONAL DATA COLLECTION METHODS AND THE LEGAL GROUNDS
Your personal data are physically collected through printed forms, phone, phone banking, branches and ATMs and electronically collected through the internet, phone, short messages (SMS), e-mail and mobile application channels. Collected personal data will be processed based on the legal data processing conditions specified under title number 2 of the text.
5. WHAT ARE YOUR RIGHTS?
You have the following rights concerning your personal data, as per the provisions in Article 11 of the Law.
- To find out whether your personal data has been processed or not;
- To request relevant information if your personal data has been processed;
- To find out the grounds for processing your personal data, and whether it is used for the intended purpose;
- To learn about the third parties to whom your personal data is transferred at home or abroad;
- To demand correction in the event of incomplete or incorrect processing of your personal data;
- To demand the deletion or destruction of your personal data;
- To demand the notification of the third parties to whom personal data was transferred, about any personal data correction, deletion or destruction;
- To object to any outcome to the detriment of the person involved, through the analysis of processed data exclusively via automatic systems;
- To demand damages should any losses be incurred due to the illegal processing of personal data.
6. CONTACTING US FOR YOUR RIGHTS AND REQUESTS
You can either personally submit your requests to our branches in writing or send them through a notary public as per your legal rights. You can also send an e-mail to hsbcbank@hs04.kep.tr using registered electronic mail (KEP) address, secure electronic signature, mobile signature, or to kvkkiletisim@hsbc.com.tr using the electronic mail address previously reported to our Bank and registered in our systems. You can also reach us via telephone banking by calling 0850 211 0 111 to exercise your rights.
The application must include (i) name, surname and, if in writing, signature; (ii) Republic of Turkey identification number for citizens of the Republic of Turkey, and nationality, passport number or, if any, identification number for foreigners; (iii) residential area or workplace address provided for correspondence; (iv) if any, electronic mail address, telephone and fax numbers provided for notification and (v) subject of the request.
Applications made within this scope are accepted following an identification verification by us, and your requests stated in the application are concluded as soon as possible and within 30 days at the latest depending on the type of requests.
7. THINGS YOU CAN HELP WITH
It is important that the personal data we keep about you should be correct and up-to-date. To this end, we kindly ask you to inform us of any change to your personal data using our abovementioned contact details.
If you would like to get further information regarding personal data you can always reach us via the abovementioned contact details or visit Personal Data Protection Authority’s website available at https://www.kvkk.gov.tr/.
Version: 1.0
Date: 18.08.2022