This Policy aims at (i) establishing set of rules for discipline in personal data processing operations carried out by QNB Finansbank A.Ş. ("QNB Finansbank") under the Banking services in compliance with legislation, (ii) defining principles adopted for processing personal data in relation with the fundamental rights and freedoms of the person covered by 20th Article of the Constitution along with the material-nonmaterial wealth and personal integrity set forth in 17th article of the Constitution and (iii) ensuring transparency by providing information to Personal Data Owner/Relevant Persons whose personal data is processes by QNB Finansbank to generate corporate culture
QNB Finansbank pays maximum attention to safety of personal data and carries out activities by considering the prioritization of personal data safety in all products and services.
The main principle of QNB Finansbank is to use Personal Data for banking transactions and to protect privacy, fundamental rights and freedoms of the person whose data is processed.
In terms of practicing the law and under this Policy:
Express consent: The consent which is based on being provided information and explained with free will on a specific subject.
Anonymization: The process of transforming the personal data so as to ensure unfamiliarity to any natural entity's data whose identity either can or cannot be determined even if such data is matched.
Relevant User: Persons who are responsible for technical storage, protection and backup of data or persons who process the received data in parallel with the authorization and directions given by the data supervisor or within the data organization excluding the unit.
Disposal: Procedure on erasure, disposal or anonymization of personal data
Law : The Privacy Act with no.6698.
Personal Data Owner/ Relevant Person: Customers or potential customers whose personal data is processed, employees, candidates, shareholders, visitors, institutions and entities and employees, shareholders and supervisors and the third real person of them which have business relations (support service, independent audit, rating, consultancy, service, purchasing, cooperation, solution partnership etc.) within the frame of a contract drawn up with the Bank.
Personal Data: All kinds of information related to a real person whose identity is determined or can be determined.
Processing personal data: All kinds of transactions carried out on personal data such as obtaining, saving, storing, changing, personal data through non-automatic ways, re-editing, explaining, transferring, taking over, becoming obtainable, classifying or preventing the usage.
Board: Protection of Personal Data Institution
Institution: Protection of Personal Data Institution.
Customer: The real person who receives service from the Bank according to the contract he/she has signed with the Bank and whose data is processed.
Data Processor: Real person or legal entity who process personal data according to the authorization given by the data supervisor on behalf of him/her.
Data Registry System: Registry system that personal data is processed by structuring according to the specified criteria
Data Supervisor: Real person or legal entity who determines the process purposes of the personal data and is responsible for set-up and management of the data registry system.
This Policy applies to all personal data which are processes by non-automatized means with the condition of being a part of data registry system whether partially or wholly automatized and which belong to QNB Finansbank's customers, potential customers, employees, candidates, shareholders, visitors; to entities and institutions working with the Bank under a contract signed (supportive services, independent auditing, rating, consultancy, service, purchasing, collaboration, solution partnerships, etc.), and their employees, shareholders, executives and to third persons.
This Policy enters into force on 07.10.2016. Should this Policy partially or wholly renewed, relevant versions of the Policy are updated.
This Policy is published at QNB Finansbank website www.qnbfinansbank.com, and it can be shared with the Personal Data Owner/Related Person is demanded.
All employees are liable for implementation of this Policy throughout QNB Finansbank within the scope of their authorizations.
The status of personal data which are currently processed are regulated in the 3rd paragraph of the provisional 1st article of the Act. Accordingly, Personal Data processed prior to the date of effective of the Act are updated as per the provisions of the Act within two years as from the date of effective. The Personal Data which is detected to be contradictory to the provisions of the Act is disposed or anonymized. And yet, the legal consent which is obtained prior to April 7, 2016 (the effective date of the Act) are deemed as compliant to the Act should otherwise is declared within one year.
As per the 2nd article of the Act, the provisions of the Act apply to real persons whose personal data is processed and to natural and corporate entities who process information such data automatically in part or whole or non-automatically with the condition of being a part of any data registry system. Accordingly, Personal Data of all corporate entities are excluded by the Act; however, such data will be deemed included in the Act should it becomes possible to determine the real person by using the data of corporate entity.
The anonymized and unidentifiable data and data on corporate entities are not considered as Personal Data and they are not subject to this Policy.
All kinds of information related to a real person whose identity is determined or can be determined. To qualify any data as Personal Data, the data must be related to real person and this person must be identified or identifiable.
The term of "Processing Personal Data" indicates a cycle. In the 2nd article of the Act, such act is defined as a process which is initiated as receiving information automatically in part or whole or non-automatically with the condition of being a part of a data registry system and following data processing transaction of any kind. After collecting Personal Data as defined, any operation carried out till the erasure, disposal or anonymization transactions is considered as processing of Personal Data under the Act.
Personal Data can be processed in various ways:
Personal Data can be processed either automatic or non-automatic methods.
a. Automatic Processing
Automatic data processing is the processing operations which are performed by devices with software such PC, telephone, watch, etc. and which are automatically carried out without any intervention by humans by means of algorithms arranged beforehand via software and hardware features.
b. Non-automatized Methods for Processing (Provided that the Data is a Part of Data Registry System)
Even if Personal Data is not subjected to automatic processing, they will be subject to the provisions of the Act once they are processed via "data registry system". These systems can be created either in physical or electronic media.
All the conditions should be fulfilled in order for the data to be processed in compliance with the law:
During the period when banking services offered by QNB Finansbank is used by our customers and following that the relation is over, Bank has the right to process the data of Personal Data Owner/Relevant Person provided that it follows the purposes specified in this Policy.
With respect to Personal Data Owner/Relevant Person, QNB Finansbank has the right to process the data of the Personal Data Owner/Relevant Person provided that the reasons of compliance with law foreseen in the Law continue.
Personal Data processing performed by QNB Finansbank is the transactions carried out for the data by using the automatic, half-automatic or non-automatic ways within the scope of banking activities.
Personal Data Processing refers to all kinds of transactions performed on the data such as obtainment, voice or video recording, collecting these, saving, reserving, organizing, storing, using, changing, re-editing, classifying, explaining, transferring to the homeland or abroad, making obtainable, taking over, preventing from using.
Personal Data is processed in compliance with the principles foreseen in the Law and the procedures and principles stated in this Policy and within the scope below.
QNB Finansbank processes the Personal Data in compliance with the relevant legislation and core of good faith and uses within relevant limits.
QNB Finansbank ensures that Personal Data is accurate and updated paying attention to the fundamental rights and freedoms of the Personal Data Owners. Within this scope, it takes into consideration the principles such as determined sources, confirmation of their accuracy, evaluating if they require to be updated or not.
QNB Finansbank determines the data processing purpose clearly and precisely and ensures that this purpose is legal. Legalizing the purpose means that the Personal Data processed by QNB Finansbank is connected to the banking services and works and activities performed within this scope and is required for these.
QNB Finansbank ensures that processed Personal Data is sufficient for the purposes to be actualized and avoids the processing of the Personal Data which is not related to the actualization of the purpose or is not needed. It actualizes the Personal Data processing conditions regulated in the Law, as if it is just beginning to process, in order to process data regarding the fulfillment of the needs which are possible to occur later. Besides, it confines the processed data to what is required to actualize the purpose.
If there is a period foreseen for storage of the data, QNB Finansbank adjusts to these periods for all the legislations it is subject to within the scope of Banking Law and activity no.5411, otherwise it preserves the Personal Data for the period required as the purpose of processing. If there is not a valid reason for a Personal Data to be preserved longer by QNB Finansbank, relevant data is erased, disposed or anonymized within the frame of the regulations in the "Personal Data Storage and Disposal Policy".
Statement of approval that is given by the customer for data processing related to him/her, having sufficient knowledge on the subject, leaving no room for hesitation and limited to only this transaction is defined as "express consent" in the Law. As per the article 5 of the Law, express consent is one of the personal data processing conditions in the Law and it does not have any comparative advantages over the other personal data processing conditions. Express consent is not the sole element which brings legality to the data processing activity.
If one of the conditions below is present, without the express consent of the Personal Data Owner/Relevant Person, processing of the personal data is possible:
QNB Finansbank shows the required sensitivity on following the main principles regarding the protection of Personal Data and looking after the benefit balance of the Personal Data Owner/Relevant Person.
QNB Finansbank processes the Personal Data in order to:
within the scope of Personal Data processing conditions stated in the 5th and 6th articles of the Law.
Current Employees: QNB Finansbank has the right to process the personal data which the Personal Data Owner/Relevant person has declared because he/she will start working for the Bank, with the purposes of executing the contract within the frame of the employment contract drawn up with QNB Finansbank, and/or fulfillment of his/her Benefits and Compensation Rights arising from this contract and maintenance of these uninterruptedly, all kinds of insurance services offered to the employees, occupational health and safety services, monitoring of performance management and evaluation, training activities and fulfillment of human resources and training processes.
Candidates: Evaluation of the job applications is carried out in compliance with the regulations of law related to the management of enquiry, research and other recruitment process.
For the processing of the Personal Data which is related to the business relation but is not the part of the execution of the employment contract at first, it should have the reasons of compliance with the law. (Consent of the applicant (electronic or non-electronic ways), Legal interest of QNB Finansbank, data processing principles and purposes stated in the Law and this Policy)
QNB Finansbank, with the video records made with the security cameras in the entrances and inside of Head Office, Regional Offices, Branch, ATM, has the purposes for protecting the security of itself and third parties.
Data processing activity mentioned above, is carried out in compliance with the Law on Private Security Services with no.5188 and the relevant legislation.
QNB Finansbank engages in the security camera monitoring activity in compliance with the purposes foreseen in the relevant legislation and the Personal Data processing conditions stated in the Law in order to provide the security.
Voice recording is carried out when QNB Finansbank is communicated through phone provided that the Personal Data Owner/ Relevant Person is informed.
Data Processing Regarding the Visitors
Personal Data Processing is carried out regarding the visitor entries and exits QNB Finansbank Head Office, Regional Offices and Branches for providing security with the purposes stated in this Policy by QNB Finansbank.
Personal Data Owner/ Relevant Persons are provided with information when their names are obtained while they enter QNB Finansbank Head Office, Regional Offices and Branches as visitors or through the informative texts hung within the QNB Finansbank Head Office, Regional Offices and Branches or presented to the visitors.
Data, which is obtained for monitoring of visitor entries-exits, is only processed with this purpose and the relevant personal data is saved to the data registry system on the physical platform.
Storage of the Records Regarding the Internet Access Provided For Visitors
Internet access can be provided for visitors requesting this service within the Head Office buildings with the maintenance of security and the purposes stated in this Policy by QNB Finansbank. Logs regarding the internet access are recorded according to the Law on Regulation of Publications on the Internet and Suppression of Crimes by means of such Publications no.5651 and the imperative provisions of the legislation regulated according to this law; these records are only processed in case they are requested by the authorized state institutions and organizations or in order to fulfill our legal liabilities in the auditing process to be carried out within QNB Finansbank..
The logs, obtained within this frame, can only be accessed by the limited employees of QNB Finansbank. QNB Finansbank employees who have access to mentioned records, share them to respond to the requests coming from the authorized state institutions and organizations or with the persons legally authorized to access to use them in the auditing process.
Web Site Visitors
On the websites in the property of QNB Finansbank; internet movements in the website are saved through the technical means (E.g. Cookies) in order to provide that visiting purposes are carried out in compliance with the visiting purpose of the visitors, to display specialized contents and perform online advertisement activities.
QNB Finansbank act in compliance with the regulations foreseen in the Law during the processing of personal data determined as "special quality" with the Law.
On the Article no.6 of the Law, a number of personal data having the risk to cause unjust treatment of the people or discrimination are determined as "special quality". These data is related to ethnicity, political view, philosophical view, religion, sect or other beliefs, appearance, association, foundation or union memberships, health, sexual life, conviction and security precautions and biometric genetic data.
Provided that sufficient precautions determined by the Board are taken, in compliance with the Law by QNB Finansbank, Special quality personal data is processed
The special quality personal data except the health and sexual life of personal data owner in the situations foreseen in the laws,
The special quality personal data regarding the health and sexual life of the personal data owner is only processed by the people having the liability to keep secrets or authorized institutions and organizations with the purposes of protection of the public health, maintenance of preventive medicine, medical diagnosis, treatment services, planning and management of the health and financing services.
QNB Finansbank can transfer the personal data of the Personal Data Owner/Relevant Person to the third parties taking the required precautions in line with its legal personal data processing purposes. QNB Finansbank acts in compliance with the regulations foreseen in the article no.8 of the Law accordingly.
QNB Finansbank can transfer the Personal Data to the third parties in line with the legal personal data processing purposes, based on and limited to the one or some of the data processing conditions stated in the article no.5 of the Law mentioned below:
Transferring To Abroad
QNB Finansbank can transfer the Personal Data of the Personal Data Owner/Relevant Person to the third parties taking the required precautions in line with its legal Personal Data processing purposes.
Personal data can be transferred to the foreign countries, which are declared to have sufficient protection by the Board ("Foreign Country with Sufficient Protection") or if there is insufficient protection, to the foreign countries ("Foreign Country Which Has The Data Supervisor Undertaking The Sufficient Protection") which data supervisors in Turkey or in the relevant foreign country undertake a sufficient protection as written and which have the Board permission. QNB Finansbank acts in compliance with the regulations foreseen in the article no.9 of the Law.
If there is express consent of the Personal Data Owner/Relevant Person in line with the legal personal data process purposes or if there is not any expressed consent, in case one of the the situations below is present, QNB Finansbank can transfer the personal data to the foreign countries which have The Sufficient Protection or A Data Supervisor Undertaking the Sufficient Protection:
Personal Data, which is processed by QNB Finansbank,is transferred limited with the purposes of planning and carrying out strategies, procurement of legal, commercial and physical security of QNB Finansbank to the entities and institutions that are working with the Bank (support service, independent auditing,rating, consultancy, service, purchasing, cooperation, solution partnerships etc.) with the purpose of fulfillment of the contract, providing corporate operation, conducting works to benefit customers from the products and services offered in the best way; making the products and services specialized according to the requests, needs and claims of the customers, developing the services offered on the website, planning and implementing our human resources policies in the best way, contacting those who directed their requests and complaints to QNB Finansbank and within the scope of the conditions stated in the articles no.8 and 9. Of the Law.
Erasure, Disposal And Anonymization Of Personal Data
Provided that provisions in the other laws related to erasure, disposal and anonymization of personal data are kept secret, although the Bank process that in compliance with this Law and other provisions of the Law, it erases, disposes and anonymizes the personal data ex officio and on demand of the Personal Data Owner/Relevant Person and within the frame of the principles in the Personal Data Storage and Disposal Policy if the causes requiring the processing disappear.
Erasure of the Personal Data is the process of making the Personal Data inaccessible and unusable.
Disposal of the data is the process of making Personal Data inaccessible, nonreturnable and unusable.
Anonymization of the data ensures the personal data to be unassociated with any identified or unidentified real person on no condition even if the personal data is matched with other data.
Storage Period Of The Personal Data
QNB Finansbank stores the Personal Data according to the period foreseen in the laws and other legislation. Following the actualization of the Personal Data processing purpose and end of the period in the regulations of the relevant law, Personal data is erased, disposed or anonymized within the frame of the principles in the "Personal Data Storage and Disposal Policy" or on demand of the Personal Data Owner/Relevant Person.
In case the personal data is disposed through these relevant methods, these data can never be reused or restored. Although there are legal interests of QNB Finansbank or the purpose of the processing and the period stated in the relevant laws end, personal data can be stored provided that fundamental rights and freedoms of the Personal Data Owner/Relevant Person are not damaged.
Every Personal Data Owner/ Relevant Person has the rights stated below.
a) Learning if the Personal Data is processed or not, b) if it is processed, demanding information regarding this, c) Learning the purpose of Personal Data processing and if these are used in compliance with their purposes, ç) Learning the third parties at home and abroad to which the personal data is transferred, d) in case the Personal Data is processed incorrectly, demanding the correction, e) Asking for the erasure or disposal of the Personal Data, f) Demanding the transactions performed as per paragraph (d) and paragraph (e) to be notified to third parties receiving such information, g) Objecting to the result coming out against itself due to the analysis of the Personal Data exclusively with the automatic systems and ğ) Requesting for recovery in case any losses incurred due to illegal processing of Personal Data.
QNB Finansbank concludes the requests regarding the implementation of this Policy and Law as soon as possible and at least within 30 days based on the request stated in the application free of charge. However, in case the transaction requires extra cost, below amounts determined by the Board might be collected. Should the application is occurs as a mistake by QNB Finansbank, the amount charged is reimbursed to the Personal Data Owner/Relevant Person.
Method of application
Personal Data Owner/Relevant Person can send requests by applying personally to QNB Finansbank branches in written along with the documents proving his/her identity (identity card, driving license, passport, etc.) within the scope of the rights projected in the 11th article of the Law, he/she can also send such request to the Head Office by means of notary public, he/she can apply to email@example.com address via secure electronic signature or send such request to firstname.lastname@example.org address by using his/her e-mail which is previously notified to the Bank or registered in the system.
These applications shall be accepted after your identity is confirmed by QNB Finansbank and you shall be informed in written or via electronic media within the legal durations.
In written application, the submission date of the document ot QNB Finansbank is deemed as the application date.
In the case of applications submitted in other methods, the date of receipt by QNB Finansbank is taken as the application date.
Response to application
QNB Finansbank is obliged to take all administrative and technical measures in order to effectively finalize each application, to be submitted by Personal Data Owner/Relevant Person, in compliance with the law and the code of good faith.
QNB Finansbank either accepts the application ot declines by stating the reasons. QNB Finansbank sends the response to Personal Data Owner/Relevant Person in written or via e-mail.
If the demand by Personal Data Owner/Relevant Person is accepted, QNB Finansbank fulfills the liabilities arising from the demand and provides the Personal Data Owner/Relevant Person with information.
If the response is to be given to Personal Data Owner/Relevant Person in written, pages up to ten are not charged. For each page exceeding ten pages, transaction cost is charged as 1 TL.
If the response is given in a recorded media such as CD, USB, etc., the cost to be demanded by the incumbent cannot exceed the overall cost of the media.
The Law and Provisions of this Policy will not be implemented in the cases below:
Article no.10 of the Law which regulates the liability to inform provided that it is proportional and in compliance with the purpose and the main principles of the Law, except for the right of demanding the recovery of loss, article no.11 which regulates the rights of the relevant person and the article no. 16 which regulates the liability to registry of Data Supervisors Registry will not be implemented in the conditions below:
Data processing process, which is carried out within the frame of banking activities, is subjected to the data security principles within the scope of the Communiqué on the Principles to Be Taken as Basis for Management of Information Systems in Banks which have the Banking Law numbered 5411 and sub-regulations by the Bank.
Relevantly, it is forbidden for any employee in QNB Finansbank to access, process or use these data without authorization.
Processing of such information by any employee who is not authorized within the scope of the legal duties of QNB Finansbank is deemed to be unauthorized transaction.
Employees of QNB Finansbank can only have access to the data within the frame of the kind and scope of his mentioned assignments properly. Roles and responsibilities are detailed as separated according to the principle on segregation of duties.
Misusing of the personal data for special or commercial purposes, sharing such data with unauthorized people or making them accessible by employees of QNB Finansbank are forbidden.
QNB Finansbank carries out the data processing activity in compliance with the regulations of the Law and approaches to Protection and Process of the Personal Data Policy as a part of corporate management. Besides, it takes all the required administrative and technical precautions to bring into force the Policy and Procedures it published referring to the Law.
Data processing activities carried out by QNB Finansbank are checked regularly by the authorized persons working in the relevant units of the Bank and subject to auditing.
General Information Letter
Information Letter for Credit Card Application
You can find the clarification text of our bank about the Law on The Protection of Personal Data.
Başvurunuza devam edebilmemiz için lütfen cep telefonunuza gönderilen SMS şifresini giriniz.
* Bu işlem için gönderilen SMS'ler ücretsizdir.
Başvurunuzu hızlıca tamamlayabilirsiniz ya da dilerseniz sizi arayarak başvurunuzu tamamlayabiliriz.