AktifTech Teknoloji A.S.
Clarification Text On Personal Data Processing
This text has been drawn up by Aktiftech Teknoloji A.S. (“AktifTech“), acting as the data controller, for the purpose of informing you about the Law Nr.6698 on Protection of Personal Data (the “Law Nr.6698“), which has been promulgated on the Official Journal, dated April 07, 2016 and bearing the issue number 29677 thereon.
Your Personal Data Processed by our Company; including but not limited to your identity details (name, surname, Republic of Türkiye ID Number, passport number), contact details (home address, business address, electronic mail address, mobile phone number, fixed phone number, fax, registered electronic mail (KEP)), the details about the customer and legal transactions entered into by and between you and our Company, the details of the mobile phone or the IP details of the computer used by you, and the data with respect to your requirements as you have shared with our Company, and also your audio-video data (telephone calls, voice records, camera records), any personal data, which would be obtained from you in accordance with the Law on Protection of Personal Data and such other applicable regulations, depending on the characteristics of the products and services you will have received from our Company, shall be processed.
Purposes of Processing of Your Personal Data by our Company; Your personal data and sensitive personal data shall be processed for the purposes and reasons including but not limited to the following purposes and legal grounds in compliance with the principles as specified in Section 4 of the Law Nr.6698;
If and when it is expressly so prescribed by the laws and it is required for the purpose of fulfillment of our statutory obligation; then for the purpose of;
- Provision of our products and services to you,
- Ensuring that the information is up-to-date,
- Carrying out the analysis, reporting and performance of the reviews which are required to be carried out and performed as part of the operations of the Company,
- Performance and auditing of the business operations,
- Storing, reporting the information which are requested by the Banking Regulation and Supervision Agency, MASAK (Financial Crimes Investigation Board), GIB (Turkish Revenue Administration), Information Technologies Authority, Recep Tayyip Erdogan Universitesi ve Turk-Alman Universitesi Teknoloji Gelistirme Bolgesi Yonetim A.S. (Recep Tayyip Erdogan University and Turkish-German University Technology Development Zone Management Inc.) and such other governmental agencies, to which we are obliged to provide information, and fulfillment of the requests for information and documentation forwarded by any such agency,
- For the purpose of performance of all of our operations in compliance with any and all applicable regulations, in particular the Law on Protection of Personal Data,
- Creating and managing the information technology infrastructures,
- Procurement of support service and performance of independent auditing activities,
- Provision of the technology infrastructure services to the payment system organizations and institutions, system operators, electronic money institutions, payment service providers, cloud information technology service providers as specified in the Law Nr.6493 and such other applicable regulations,
If and when it is directly related to the execution of an agreement by and between our Company and you, and also the performance of such agreement, and it is mandatory for the purpose of fulfillment of our statutory obligation; then for the purpose of;
- Fulfillment, performance, development of the operations, which are carried out by us as a support service and/or outsourced service provider as per the Banking Law Nr.5411 and the secondary statutory regulations thereto, as well as the software, application, infrastructure, API services, KEP, E-Defter (E-Book) services and such other transactions as specified, and performance of the operational processes thereto,
- Performance of our obligations and liabilities with respect to any and all technological products and services, which are provided or facilitated by us within the scope of the field of business of our Company, and performance of our contractual processes,
- Performance of the advertising, campaign and promotional processes in respect of the products and services of our Company, and contacting you for such purposes,
- Performance of customer satisfaction activities and sharing the proposals with respect to the services thereto,
- Performance of the customer relations management processes,
- Performance of the product and service procurement processes and the support services associated therewith,
- Improvement of the product and service quality,
- Planning and fulfilling the obligations with respect to the support service and outsourced service activities,
- Provision of the inventories and resources with respect to the products and services,
Provided that you, as being the data subject, shall not have your fundamental rights and freedoms impaired by such processing, on the basis of the legal ground that such processing of data is of mandatory nature for the legitimate interests of the data controller; then for the purpose of;
- Planning or performance of the activities for the performance of the effectiveness/productivity or relevance analysis for the business operations,
- Planning or performance of the business operations,
- Planning or performance of the activities for ensuring business continuity,
- Planning or performance of the corporate communication activities,
- Planning or performance of the corporate governance activities,
- Planning or performance of the logistics operations,
- Planning or performance of the projects in line with the objectives of the Company,
- Management of the relations with the business partners or suppliers,
- Performance of the strategic planning activities,
- Performance or implementation of the budgeting activities,
- Meeting the quality standards,
If and when processing of such data is mandatory for the establishment, exercise or protection of a right; then for the purpose of;
- Following up the legal affairs,
- Handling the inquiries and complaints.
If and when an explicit consent is granted; then for the purpose of planning the marketing activities for the products, which would be developed as part of the service being received, or such other similar products and services, and forwarding the proposals with respect to such products and services, performance of the analysis and modeling deemed to be required as part of the operations of the company, and performance of the consolidated reporting, risk management and assessment with our principal shareholder or the other shareholders of us.
Method for Collection of Your Personal Data, and Legal Grounds thereto; Your personal data may be processed by making use of both fully or partially automated means and non-automated means which are a part of a data recording system;
Either verbally, in writing or electronically through the parties, from which either directly you or any person, authorized to act for and on behalf of you receive(s) the services which are of complementary to or extensions of the activities of our Company such as our website, mobile application, call centers and such other telephone channels, agreements, SMS, electronic mail, fax, mail, cargo or courier services, and/or through the media, our social media accounts, registered electronic mail, electronic notification, in-network providers and the organizations from which procure services and at the extent as permitted by the applicable regulations and the agreements executed, and/or through the databases of such other similar agencies and organizations, cookies and such other similar tracking technologies, associations and societies such as the chambers of commerce and chambers of artisans, and/or by means of the method of recording of the camera images at the buildings owned by Recep Tayyip Erdogan Universitesi ve Turk-Alman Universitesi Teknoloji Gelistirme Bolgesi Yonetim A.S. (Recep Tayyip Erdogan University and Turkish-German University Technology Development Zone Management Inc.) and our Company due to the physical location security practices, and/or through the customer interviews and any and all kinds of notifications, applications, meetings held with our Company as based on the system integrations between our Company and the governmental agencies and organizations within the limitations as prescribed by applicable statutory regulations issued by the national and international authorities/bodies/agencies;
On the basis of the legal grounds as prescribed in the Law Nr.6698, if and when;
- You have granted your explicit consent as per Sections 5/1 and 6/2 of the said Law,
- It is expressly prescribed by the laws as specified in Section 5/2-a of the said Law,
- It is required for the purpose of protecting the life or bodily integrity of the individual or any other individual who is not able to state her/his consent due to any actual impossibility or whose consent is not recognized in legal terms as specified in Section 5/2-b of the said Law,
- Processing of the personal data of the parties of such agreement is required, provided that such processing is required for entering into or performing an agreement as specified in 5/2-c of the said Law,
- It is required for enabling our Company to fulfill its statutory obligation as specified in Section 5/2-ç of the said Law,
- Such personal data has been made publicly available by You as specified in Section 5/2-d of the said Law,
- Such processing is required for establishment, exercise or protection of a right as specified in Section 5/2-e of the said Law,
- Such processing is required for the legitimate interest of our Company without prejudice to your fundamental rights and freedoms as per Section 5/2-f of the said Law.
Persons/entities to which any personal data may be transferred for the purposes listed herein above; your personal data may be transferred to the domestic and international business partners and associates, shareholders, subsidiaries, infrastructure service providers, cloud information technology system providers of AktifTech and to the judicial authorities and also to the Banking Regulation and Supervision Agency, Information Technology Authority, Personal Data Protection Authority, the Central Bank of the Republic of Türkiye, MASAK (Financial Crimes Investigation Board), the Turkish Revenue Administration, which are authorized by the law, and also to such other similar governmental/private agencies and organizations, provided that adequate and effective measures will have been taken as per the security and non-disclosure principles as specified in the applicable regulations for the purpose of ensuring the accomplishment of the purposes as listed herein above as based on the terms and conditions for transferring and processing such data as specified in Sections 8 and 9 of the Law Nr.6698.
Your Rights as Listed in Section 11 of the Law Nr.6698; In the event that you, as being a personal data subject, submit your request regarding your rights to us by means of the methods as set out herein below, then, Aktif Bank shall conclude any such request as soon as possible and no later than a period of thirty days depending on the nature of such request. If and when it is stipulated by the Personal Data Protection Board to charge a fee, then our Company may collect a fee as determined in the tariff.
In respect of your personal data processed by Aktif Bank, as per Section 11 of the Law Nr.6698, you shall be entitled to;
- Inquire whether your personal data has been processed, or not; and
- Ask for information regarding any such processed personal data; and
- Be informed about the purpose of processing of any such data, and also about the fact that whether such data has been used as appropriate to the purpose thereto; and
- Be informed about any 3rd party to which any such data has been transferred, either domestically or internationally; and
- Ask for correction of any imperfect or inaccurate data, in case of any imperfect or inaccurate processing thereof; and
- Ask for deletion of any such personal data, if and when the reasons requiring the processing of your data cease to exist; and
- Raise an objection against such outcome in case of emergence of an outcome that is to the detriment of you upon the analysis of any such processed personal data solely by any automated systems; and
- Claim for compensation of any and all damage and/or loss you might have incurred in case your personal data has been processed in breach of the law.
As per the 1st paragraph of Section 13 of the Law Nr.6698 and also the Communique, numbered 30356 and dated 10.03.2018, regarding the Procedures and Principles For Filing an Application to the Data Controller; you may send and deliver your request with respect to any of your rights as listed herein above;
- By e-mail by sending an e-mail message to email@example.com as indicated on the website of our Company; and
- To our KEP (registered electronic mail) address, firstname.lastname@example.org , if and when you wish to file an application through KEP; and
- To and at the address of our Company, namely Esentepe Mah. Kore Sehitleri Cad. No:8/1 Aktif Bank Genel Mudurluk (Head Office) Sisli/Istanbul, as being the data controller, by attaching the necessary documentation thereto, if and when you wish to file an application in writing.
It is required that the information and documentation to enable identification as based on the nature of you request are provided to us in full and accurately. If and when any such required information or documentation is not provided properly, some inconvenience may be experienced in respect of perfectly and properly performance of the investigations to be carried out by AktifTech as based on your request. We hereby represent that the legal rights of AktifTech shall be reserved in such case. Therefore; your application must be sent completely and in a manner so as to include all such required information and documentation as based on the nature of your request.