NOTIFICATION ON THE PERSONAL DATA PROTECTION
As HSBC Bank A.Ş. ("HSBC" or "Bank"), the security of your information is one of our most important priorities. In this respect, we would like to inform you about personal data processed by our Bank in accordance with the Law On the Protection of Personal Data No. 6698 ("Law" made in order to protect the fundamental rights and freedoms of persons, as well as to protect personal data.
1. IDENTITY OF DATA CONTROLLER
Under the law, HSBC Bank A.Ş. acts as a "Data Controller". You can contact us using the contact details provided below:
Address : Esentepe Mah. Büyükdere Cad. No: 128 34394 Şişli / Istanbul
MERSİS No : 0621002428200197
Registration No : Istanbul Trade Registry Directorate - 268376
Web Site : www.hsbc.com.tr/
2. PURPOSES OF PERSONAL DATA PROCESSING
Within the framework of your relationship with our bank, your personal data is processed for the following purposes.
The following objectives may vary depending on your relationship with our Bank, the products and services that you are procuring or your permission to process your personal data. Depending on your relationship with our bank, in addition to the following objectives, you can also review the processing objectives in the sub-headings.
- Ensuring the complete and due performance of our contractual and statutory duties,
- Complying with national and international principles and rules, and performing information retention, reporting, and informing liabilities stipulated by the legislation and official authorities,
- Executing banking transactions; performing correspondent banking activities,
- Provision of our products and services within the scope of banking, finance, investment, portfolio management, realizing the instructions you submit about our products and services, making transfers of securities such as currency, foreign exchange and gold; executing payment transactions,
- Provision of products and services through online banking and our mobile app,
- Authentication to ensure the security of customers, Bank and data, carrying out, recording and reporting controls regarding money laundering, bribery, fraud, financial crime and sanctions, raising suspicious activity reports,
- Meeting the requirements of authorized agencies and organizations,
- Contract management, initiating legal transactions and following up on legal processes,
- Following financial and accounting transactions, generating financial and business reports,
- Conducting marketing, advertising, promotion, gift sending procedures and market research; transmitting electronic commercial messages and creating special products or campaigns in this regard, provided that you give consent; executing general and personal segmentation activities; identifying and recommending products or services that we think you may be interested in or that you may require,
- Executing customer relations activities,
- Upon your permission, providing notice of events, conferences and organizations; sending invitations; providing notice of surveys and current developments,
- Analyzing how our services are utilized by you and improving our products and services accordingly,
- Ensuring the continuity of security and activities; performing activity analyses, enhancements and performance measurements,
- Maintaining social responsibility activities that our bank is involved in,
- Planning the information security processes, as well as auditing and performing them,
- Evaluating and responding to the suggestions, requests and complaints sent through various channels and making improvements in line with the notifications; delivering the quality standards for customer services; recording conversations made through the call center accordingly and listening to and analyzing these records by our authorized units when necessary,
- Conducting effectiveness and expediency analyses for our commercial operations; planning and execution of such operations,
- Management and recording of communications with our bank,
- Performing reporting and auditing activities,
- Planning and/or execution of activities related to establishing, sustaining and/or discharging collaterals,
- Performing credibility assessments; following up and controlling credit monitoring and repayment processes,
- Managing the legal, financial, commercial, compliance and reputational risks faced by our bank; taking necessary steps to protect our rights in disputes to which we are a party of,
- Making international money transfers, processing payment objections related to transactions made via credit cards abroad, collecting foreign checks,
- Exchanging information with institutions and organizations, banks, prospective buyers or risk center stipulated within the framework of the provisions of the Banking Law No. 5411; drawing up consolidated financial statements of the main partnerships; executing risk management and internal audit activities; executing valuation activities to sell Bank assets or securities based on them, including but not limited to loans; executing valuation, rating or assistance services; executing independent audit activities and service purchases,
- Making banking services accessible and suitable for the customers with disabilities.
2.1. Related or Connected Real Person Parties, Representatives, Shareholders and Employees of Legal Person Customers
Your personal data, shared with us or disclosed in any public media by the legal entity to which you are an related and/or connected party and which is our customer through the business processes and transactions performed with our Bank, shall be collected. We may process such information within the scope of our Bank's risk management activities by drawing up and executing agreements with the relevant legal entity.
2.2. Branch Visitors and Non-Customers Performing Transactions in the Branch
Identity information, contact information, CCTV records, financial data collected when you visit the facilities of our branch network and make transactions at the branches and the data provided by you are processed for the following purposes: depositing cash into the account; withdrawing cash from the account by instruction; loan payment; credit card payment; check/promissory note payment, receiving cash for the remittance to name; bill, tax, Social Security Institution payments; taking delivery of credit and debit cards; remittance to the customer's account; writing off the customer's account book at the branch; provision of our products and services; in order to ensure the security of the facility, taking video and controlling these records through the security cameras located in the branch, on the exterior of the building and ATMs, managing and recording the communication with HSBC.
2.3. Buyers of Insurance Products or Services
HSBC also provides our customers with intermediation activities regarding insurance products or services. The personal data of our customers utilizing our intermediary services is processed for the purposes of intermediating the insurance policy applications and the calculation of insurance premiums, intermediating the transmission of indemnity claims under the insurance policy to the insurer and their payment. We would like to emphasize that there will be insurance companies acting as the main data controller intermediaries in terms of insurance transactions such as risk and premium calculation, and indemnity payments. For more information regarding personal data processing within this regard, please take a look at the privacy noticies of the insurance companies we cooperate with.
2.4. Individuals Under Risk Group
In Article 49 of the Banking Law No. 5411, individuals constituting the “risk group” are defined. Accordingly, risk groups are composed of following individuals: in terms of real persons, the person himself/herself and his/her spouse and children, the undertakings where they are members of board of directors or general managers or the undertakings which they or a legal person control individually or jointly, directly or indirectly or participate in with unlimited responsibility; a bank’s qualified shareholders, board of directors’ members and general manager as well as the undertakings they control individually or jointly, directly or indirectly or participate in with unlimited responsibility or where they are members of board of directors or general managers; real and legal persons that have surety, guarantee or similar relationships where the insolvency of one will lead to the insolvency of the others. Banking Regulation and Supervision Agency also has the authority to identify other natural and legal persons to be included in the risk group.
The personal data of the individuals within the scope of the risk group may be processed for the purposes of fulfilling our legal obligations, particularly as per the banking legislation; identifying the risk groups; determining the total loan amount that can be given to the individuals within the same risk group; conducting credibility assessments and managing the legal and financial risks faced by our Bank.
2.5. Persons who Secure or Guarantee for the Persons Utilizing a Product or Service
The personal data of individuals who provide guarantee or go surety for those who utilize our products or services is processed for the following purposes: Managing the legal and financial risks of our bank; Making necessary transactions to protect our rights in disputes to which our bank is a party; Offering our products and services and making credibility calculations; In the cases where the individual utilizing the products or services fails to pay or defaults on his/her debts, collecting the receivables of our Bank.
2.6. Event/Organization Participant
Photos or videos can be taken at the training sessions, seminars, events, invitations and other events organized by our bank. These visual records can be processed for the purposes of visually promoting the events organized by our bank for the public, providing information and/or raising awareness, and performing activities to enhance brand value and reputation of our Bank through advertising and promotion.
2.7. Supplier/Business Partner Connected and Related Officers/Employees
Your personal data, shared with us or disclosed in any public media by the legal entity to which you are an officer and/or employee and which is our supplier/Business partner through the business processes and transactions performed with our Bank, shall be collected. We process such information within the scope of our Bank's risk management activities by drawing up and executing agreements with the relevant legal entity.
3. TRANSFER OF THE PERSONAL DATA
Your personal data can be shared with authorized agencies and organizations including but not limited to The Banks Association of Turkey Risk Center, Credit Reference Agency, Banking Regulation and Supervision Agency, Capital Markets Board, Central Bank of Turkey, Financial Crimes Investigation Board, Ministry of Treasury and Finance, Financial Crimes Investigation Board, Inter-Bank Card Center, Banking Association of Turkey, Central Registrar, law enforcement agencies, courts and enforcement directorates, domestic and international banks and clearing entities that provide intermediary/custody services for domestic and foreign currency and securities transfer, securities custody requests, and HSBC group companies (referring to HSBC Holdings plc and/or its affiliates, subsidiaries, joint ventures and any branches and offices thereof) in Turkey or overseas, third parties we serve as intermediaries and agents of, correspondent banks with which we cooperate, business partners, shareholders of our Company, service provider firms, vendors and support service providers and staff, officials, and subcontractors thereof, for the purposes specified in article 2 of the present NotificationText, within the framework of the provisions of the Law, covering the transfer of personal data within the country and abroad.
4. PERSONAL DATA COLLECTION METHODS AND THE LEGAL GROUNDS
Your personal data is collected on physical, written, verbal and electronic media, via the internet, phone, e-mail and mobile app, during your applications for products and services, visits to our head office, web site and branches, use of mobile app, ATM and online banking, and your calls with the call center, from you, The Banks Association of Turkey Risk Center, Credit Risk Center, the Identity Sharing System, legal entities that you are related and/or connected with, legal authorities and sources available to the public during the establishment and maintenance of the legal relationship with our Bank. The collected personal data is processed based on the following legal grounds stipulated in Articles 5 and 8 of the Law:
- There is an express consent;
- The binding legislation for our Bank clearly stipulates so;
- Provided that it is directly related to the establishment or performance of a contract, the existing of a necessity to process personal data belonging to the parties to the contract so as to offer the requested products and services and meet the requirements of the contracts concluded;
- It is compulsory so as to meet the legal liability;
- Data processing is necessary to establish, use or protect a right;
- It is made public by the related persons themselves;
- Data processing is necessary for the legitimate interests of data controller, provided that no harm is caused to the fundamental rights and freedoms of the relevant person.
In case of personal data transferring to overseas countries, in addition to the abovementioned legal grounds, personal data can only be transferred abroad if the respective foreign country;
- offers adequate protection;
- and, in case there is no adequate protection, if HSBC and the respective data controller in the foreign country to which data will be transferred guarantee adequate protection in writing and if the Personal Data Protection Board gives its approval.
5. WHAT ARE YOUR RIGHTS?
You have the following rights concerning your personal data, as per the provisions in Article 11 of the Law.
- To find out whether your personal data has been processed or not;
- To request relevant information if your personal data has been processed;
- To find out the grounds for processing your personal data, and whether it is used for the intended purpose;
- To learn about the third parties to whom your personal data is transferred at home or abroad;
- To demand correction in the event of incomplete or incorrect processing of your personal data;
- To demand the deletion or destruction of your personal data;
- To demand the notification of the third parties to whom personal data was transferred, about any personal data correction, deletion or destruction;
- To object to any outcome to the detriment of the person involved, through the analysis of processed data exclusively via automatic systems;
- To demand damages should any losses be incurred due to the illegal processing of personal data.
6. CONTACTING US FOR YOUR RIGHTS AND REQUESTS
You can either personally submit your requests to our branches in writing or send them through a notary public as per your legal rights. You can also send an e-mail to email@example.com using registered electronic mail (KEP) address, secure electronic signature, mobile signature, or to firstname.lastname@example.org using the electronic mail address previously reported to our Bank and registered in our systems.
The application must include (i) name, surname and, if in writing, signature; (ii) Republic of Turkey identification number for citizens of the Republic of Turkey, and nationality, passport number or, if any, identification number for foreigners; (iii) residential area or workplace address provided for correspondence; (iv) if any, electronic mail address, telephone and fax numbers provided for notification and (v) subject of the request.
Applications made within this scope are accepted following an identification verification by us, and your requests stated in the application are concluded as soon as possible and within 30 days at the latest depending on the type of requests.
7. THINGS YOU CAN HELP WITH
It is important that the personal data we keep about you should be correct and up-to-date. To this end, we kindly ask you to inform us of any change to your personal data using our abovementioned contact details.
If you share with our Bank any personal data not belonging to you, you should make sure that this NotificationText is referred to and read by them so that they can have knowledge about the use of their personal data.
If you would like to get further information regarding personal data you can always reach us via the abovementioned contact details or visit Personal Data Protection Agency’s website by clicking https://www.kvkk.gov.tr/.