Privacy Notice Regarding Personal Data Processing

The main purpose of the Personal Data Protection Law no. 6698 ("KVKK"), which was published in the Official Gazette and entered into force on April 7, 2016, is to protect the fundamental rights and freedoms of individuals, especially privacy, in terms of personal data processing.

As data controller, Yapı Kredi Portföy Yönetimi A.Ş. (the “Company”) attaches utmost importance to the fundamental rights and freedoms of individuals and shows utmost sensitivity to the processing of all personal data relating to natural persons associated with the Company, including those benefiting from our products and services, in accordance with KVKK and to ensuring privacy and security.

Purposes for Processing Personal Data

Your personal data will be processed for the Purposes specified in this Privacy Policy pursuant to your relationship with our Company. In all cases, processing of your personal data by our Company will be relevant, limited and proportionate to the purposes for which they are processed in accordance with the principles set out in Article 4 of KVKK.

Within this scope, you may find detailed information on personal data processing activities carried out in accordance with the provisions of KVKK and related legislation and the rights of data subjects from the Yapı Kredi Portföy Yönetimi A.Ş. Corporate Policy on Protection and Processing of Personal Data.

Method and Legal Ground for the Collection of Personal Data

Your personal data will be collected by means of one of the following methods which you use to communicate with us: via Company’s head office units, our agencies, ATM, fax, telephone, e-mail and other lawful relevant channels.

Your personal data will be collected and processed for the following purposes and legal grounds pursuant to the relation which you will establish with our Company

Based on the legal ground that processing of personal data is necessary for compliance with the legal obligation of the Company as a data controller and it is expressly provided for by the laws;

  • Ensuring the accordance of the Company's operations with the Company's procedures or respective legislation
  • Ensuring the security of the Company system and operations
  • Ensuring the safety of Company premises or facilities
  • Planning or execution of audit or ethical activities of the Company
  • Planning or execution of the financial risk processes of the Company
  • Planning or execution of necessary operational activities regarding the unethical conduct or abuse cases of employees
  • Planning or execution of internal audit / internal control / investigation / ethics activities upon complaint or ex officio
  • Planning/execution of risk management processes related to the offered products or
  • Planning or execution of operational risk processes
  • Carrying out the transactions of corporate and corporations law and legislation
  • Ensuring that the data is accurate and up-to-date
  • Providing information to authorized persons and/or organizations due to the legislation
  • Planning or execution of employee's authority to access to information
  • Follow-up of finance or accounting procedures
  • Planning or exercise of the information access rights of business partners or suppliers

Based on the legal ground that processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract and it is necessary for compliance with a legal obligation to which the data controller is subject;

  • Planning or execution of customer relations management processes
  • Planning or execution of the activities regarding after-sales support services
  • Follow-up of contractual procedures or legal demands
  • Conducting activation processes of products or services
  • Establishment or follow-up of application processes of products or services
  • Establishment or follow-up of utilization procedures of the products or services
  • Planning or execution of the sales processes of the products or services
  • Planning or execution of procurement processes

Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing will not violate the fundamental rights and freedoms of the data subject;

  • Planning or execution of emergency or incident management processes
  • Ensuring the security of the fixtures or resources of the Bank
  • Execution of compliance process resulting from foreign legislation
  • Formation or follow-up of visitor registrations
  • Planning or execution of social responsibility or civil society activities
  • Planning or execution of operation or productivity processes

Based on the legal ground that data processing is necessary for the establishment, exercise or protection of any right;

  • Follow-up of the legal affairs
  • Finalizing/follow-up of customer demands or complaints

Based on your explicit consent,

  • Planning/conducting the marketing processes of the products or services
  • Planning or conducting of activities towards customer satisfaction and experience
  • Designing or conducting customized marketing or promotional activities
  • Conducting of data analytics activities for marketing purposes
  • Planning or execution of the process of establishing or increasing loyalty to the products or services offered by our company
  • Designing or conducting marketing and advertising/promotional activities in digital or other media
  • Planning or conducting campaigns or promotional processes

Recipient Parties and Purposes for Transferring Personal Data

Collected personal data may be transferred to our shareholders domestic or abroad, judicial authorities and similar legally authorized public/private institutions and organizations, our business partners and our vendors in accordance with the basic principles envisaged under KVKK and pursuant to the rules regarding the transfer of personal data specified in Articles 8 and 9 of the KVKK and the legal reasons for the processing of personal data stipulated in Articles 5 and 6 of the KVKK.

Your Rights as Envisaged Under Article 11 of KVKK

We hereby declare that you are entitled to the following rights in accordance with Article 11 of the Law:

  • To learn whether your personal data are being processed,
  • To request information if your personal data have been processed,
  • To learn the purpose of the processing of your personal data and whether they have been used accordingly,
  • To learn which third parties domestic or abroad your personal data has been transferred to,
  • To request rectification in case your personal data has been processed incompletely or inaccurately and to demand the operations in this regard be reported to third parties your personal data has been transferred to,
  • To demand the erasure or destruction of your personal data in case the reasons necessitating the processing have disappeared even though it was processed in accordance with the Law and other relevant provisions and to demand the operations in this regard be reported to third parties your personal data has been transferred to,
  • To object the occurrence of any consequence that is to your detriment by means of analysis of personal data solely through automated systems,
  • To demand compensation for the damages that you have suffered as a result of an unlawful processing of your personal data.

You may convey your requests concerning your rights listed above, to our Company. Depending on the nature of your request, your application will be concluded as soon as possible, within 30 days at the latest and free of charge.