Menü
Join Now
Communication process clarification text

ING Bank A.S. is governed by the data protection obligations as prescribed in the Law Nr. 6698 on Protection of Personal Data ("LPPD" or the "Law"). For the purpose of complying with the Law, ING Bank A.S. implements data protection principles through the local requirements as well as the Global Data Protection Policies.

This clarification text shall be applied when we process any Personal Data of any data subject ("you"), who submit their request, complaint, recommendation and wish by establishing communication with ING Bank A.S. (“ING Türkiye”, “ING”, “we”, “us”, the “Bank”). We, as ING, are aware of how important your personal data is to you. This clarification text describes which and how personal data is collected, recorded, stored, used and processed by us, in a simple and transparent manner. 


1. The parties from which your personal data is obtained, and the method for collection
Your personal data is obtained directly from you by means of the applications, you have made through our online channels (our mobile application, our website, customer contact center), by making use of electronic and automatic methods.

For further information about the cookies and similar monitoring technologies, please review the clarification text for cookies published on the ING website.

2. Categories of personal data processed by us
Personal data means any and all kinds of information with respect to any identified or identifiable real person

  • Identity details: full name, date of birth, Republic of Türkiye ID number and nationality.
  • Contact details: e-mail address, contact address, telephone number. 
  • Information about online behavior, your devices, and your transaction security: Your IP address and the device ID of your mobile device or computer, websites and the pages you have visited in the application, and the website login and logout information and passwords. 
  • Details with respect  to your requests/complaints: This includes any request and complaint you have shared with ING through the ING online channels as well as the responses provided by ING.

3.Categories of personal data processed, and purposes and legal grounds for processing personal data
Processing of personal data refers to any and all kinds of processes which are performed on any data such as collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification or prevention of the use of any personal data by wholly or partially automated means or by non-automated means, to the extent that such process is a part of any data system.

As part of any request, complaint, recommendation and wish, you will have forwarded by contacting our Bank, your personal data shall be processed for the following purposes and as based on the statutory requirements for data processing ("legal ground"):

Categories of personal data Purpose of processing personal data Legal ground
Identity, Contact Information about online behavior and your devices and transaction security Details with respect to your requests/complaints
 -Answering the questions you will have submitted through the contact form,
-Receiving, assessing and concluding your requests, complaints, recommendations and wishes, and performing the business processes
-If and when such processing of your data is mandatory for our legitimate interest, provided that it does not impair your fundamental rights and freedoms
Identity, Contact Information about online behavior and your devices and transaction security Details with respect to your requests/complaints Providing regulatory information to the competent authorities -If and when it is expressly so required in the laws -If and when such processing is mandatory for the purpose of fulfillment of its statutory liability of the Bank as the data controller


4. Recipients of personal data and the purposes of such transfer
Your personal data shall be transferred for the purposes and legal grounds listed herein below:

Categories of data transferred Recipients Legal ground for and the purpose of the transfer
Identity, Contact Information about online behavior and your devices and transaction security Details with respect to your requests/complaints The governmental agencies authorized by law and the private organizations authorized by law, and the judicial authorities -The governmental authorities, regulatory and supervisory agencies such as the Banking Regulation and Supervision Agency (BRSA), the Ministry of Treasury and Finance and its respective units, in particular the Financial Crimes Investigation Board (MASAK), the Banks Association of Türkiye Risk Center.
-Judicial authorities/investigating authorities such as the national police, public prosecution offices, courts and arbitration/mediation bodies and the notaries public 		If and when it is expressly required in the laws or if and when it is mandatory for the purpose of performance of its statutory obligation by the data controller and if and when processing of such data is mandatory for the establishment, exercise or protection of a right; then as based on such legal grounds; -Fulfillment of any request for statutory reporting and information, -Performance of statutory audit activities,
 -Running legal processes,
-Fulfillment of our regulatory obligations
Identity, Contact Information about online behavior and your devices and transaction security Details with respect to your requests/complaints Service Providers (3rd party service providers such as law offices, attorneys-at-law, independent auditing firms, cargo/courier/distribution companies, supervision/auditing firms, etc. from which we procure service for the purpose of providing our services and performing our activities) If and when such processing of your data is mandatory for our legitimate interest, provided that it does not impair your fundamental rights and freedoms, then as based on such legal grounds,
 -Receiving, assessing and concluding your requests, complaints, recommendations and wishes,
-Carrying out our business activities



5. Rights of the data subject
As per Section 11 of the LPPD, in respect of your personal data, you are entitled to:

  • inquire whether your personal data has been processed,
  • ask for information about such processing if your personal data has been processed;
  • be informed about the purpose of processing of your personal data, and also about the fact that whether such data has been used as appropriate to the purpose thereto,
  • be informed about any third party to which your personal data has been transferred, either domestically or internationally,
  • ask for correction of any imperfect or inaccurate personal data if and when your personal data has been processed imperfectly or inaccurately, and to ask for the notification of any third party, to which your personal data has been transferred, of such process,
  • ask for the deletion, anonymization or disposal of your personal data if the grounds requiring the processing of such data cease to exist although such personal data has been processed in accordance with the provisions as prescribed under the Law Nr. 6698 and such other applicable laws, and to ask for the notification of any third party, to which your personal data has been transferred, of such process,
  • raise an objection against such outcome if and when you are of the opinion that it is to the detriment of you upon the analysis of any such processed personal data solely by the automated systems,
  • claim for compensation of any and all damage and/or loss you might have incurred in case any your personal data has been processed in breach of the law.


We may ask you to provide additional information for the purpose of verifying your identity while you are exercising your rights with respect to your personal data. Your application should include;
 
  1. Your full name, and your signature if the application is in writing,
  2. Your Republic of Türkiye ID number (for the nationals of the Republic of Türkiye), your nationality and passport number or your identity number, if applicable (for foreign nationals),
  3. Your permanent residence or business address for notification purposes,
  4. If applicable, your electronic mail address, telephone and fax numbers, and
  5. The subject matter of the request.

Storage of  your personal data
Your personal data shall be stored for the processing purposes as specified under the heading 3 and for the period of time as required under the applicable regulations or as required for the purpose for which they are processed. For example, we are legally obliged to store your information and documentation for a period of 10 years as per the Banking Law Nr. 5411 and the applicable secondary regulations. In the event that you request for the deletion of your personal data, then your personal data will be deleted, destroyed or anonymized if you do not actively receive service from our Bank upon the elapse of the retention period of 10-year and in case of cease of existence of all terms and conditions requiring processing of your data.

Protection of your personal data
We, as ING, shall take the appropriate technical and organizational measures (policies and procedures, Information Technologies Security, etc.) while processing your personal data and for the purpose of ensuring the confidentiality and integrity of your personal data. For the purpose of ensuring that your personal data is kept in a secure manner, an internal minimum framework is being applied with respect to the policies and the minimum standards throughout ING. The regulations and the developments in the market are being followed up, and the ING policies and standards are being updated periodically in the light of such developments.

We hereby would like to express that the staff members of ING are bound by non-disclosure obligations, and also that your personal data will not be used or transferred unlawfully by the staff members of ING. We would like to inform you that, for the purpose of protecting your personal data in the best possible manner, in the event that you have questions about the confidentiality of your personal data, then you can contact ING through the following communication channels.

6. About possible amendments to the clarification text
This Clarification Text may be amended for the purpose of continuing to remain in compliance with the amendments that might be made to the regulations in future and/or providing you, at all times, with the accurate, clear and unambiguous information about your personal data. This version has been drawn up on 30.07.2024.

7. About your questions regarding your personal data, and contact details
You can exercise your rights with respect to your personal data by making use of the "Data Subject Application Form" available in this link:

  • Personally by visiting the address, Resitpasa Mahallesi, Eski Buyukdere Caddesi, No:8, 34467, Maslak-Sariyer, Istanbul, or any of our branches, by verifying your identity;
  • By sending your application by e-mail to the address, namely, ingbank@hs03.kep.tr, by making use of your registered e-mail address;
  • By sending an e-mail message to the address, namely verikoruma@ing.com.tr, by making use of your personal e-mail address with a secure electronic signature or a mobile signature, or the e-mail address, you have made use of for signing up in our system;
  • By making use of any other method as indicated in the Communique Regarding the Procedures and Principles For Submitting an Application to the Data Controller.

We shall conclude your application within a period of 30 (thirty) days following the receipt thereof by us. In case any such request requires a cost, then the fee as specified in the tariff, as determined by the Personal Data Protection Board, shall be applied by us. If and when your application is rejected, then the reason for such rejection shall be justified either in writing or electronically by us.