This is the Privacy Statement and Enlightenment Declaration(‘Privacy Statement’) of the personal data activities conducted by ING Bank A.Ş. (“ING”, “Bank”, “we”, “us” and “our”) as data controller in accordance with the Law on Personal Data Protection No.6698 (the “Law”).
1. Purpose and scope of this Privacy Statement and Enlightenment Declaration
At ING, we understand that your personal data is important for you. This Privacy Statement explains in a simple and transparent way what personal data we collect, record, store, use and the purposes of processing and the legal reasons of processing, the recipients of personal data and the purposes of personal data transfers, the rights set forth under the Law, and how we collect. Our approach can be summarised as: the right people use the right data for the right purpose.
This Privacy Statement applies to
• All past, present and prospective customers who are natural persons (“ING Customers”) or “you”).
• Non-ING customers. These could include any natural person who makes a payment to or receives a payment from an ING account; any natural person that visits an ING website, branch or office; any natural person professional advisors; shareholder; guarantor; ultimate beneficial owner, director or representative of a company that uses our services; debtors or tenants of our customers; any natural person involved in other transactions with us or our customers and legal representatives or contact persons or natural person owners, partners, shareholders acting on behalf of our merchant customers.
2. The Method and Legal Reason of Collection of Personal Data
We obtain your personal data in the following ways as per the below mentioned legal grounds:
We will process your personal data in accordance with the relationship you will establish with our Bank for below explained purposes and legal reasons pursuant to the data processing conditions stated in Article 5 and 6 of the Law.
Your personal data will be collected for the purposes of ensuring that the products and services of our Bank are provided to you through the channel that you interact with us in the physical environment via interviews, meetings, the visits to our branches, and contracted stores, the forms that you filled in writing, and in the electronic environment via online banking, ATMs, social media, call center, mobile apps, our web- site. We may also collect data via third parties such as our contracting partners, business partners, agencies and brokers, identity-sharing systems, address sharing systems, the general directorate of PTT (Turkish Post), the Interbank Card Centre and other intelligence gathering channels.
For ING customers:
Based on the legal ground that processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract and it is necessary for compliance with a legal obligation to which the data controller is subject;
• Performing agreements to which you are a party or taking steps prior to entering into agreements. We use information about you, such as your name and contact details, when you enter into an agreement with us, or we have to contact you. We analyse information about you to assess whether you are eligible for certain products and services. For example, we may look at your payment behaviour and credit history when you apply for a loan or a mortgage.
• We use your account details when you ask us to make a payment or carry out an investment order.
• Also we collect your data as needed to be obtained to draft an insurance policy in case you ask insurance products from our Bank acting as insurance agent
Based on the legal ground that processing of personal data is necessary for compliance with the legal obligation of the Bank and it is expressly provided for by the laws;
• We use your account details when you ask us to make a payment or carry out an investment order.
• Data protection and security. We have a duty to protect your personal data and to prevent, detect and contain any breaches of your data. This includes data we are obliged to collect about you, for example to verify your identity when you become a customer. Furthermore, we not only want to protect you against fraud and cybercrime, we have also a duty to ensure the security and integrity of ING and the financial system as a whole by combatting crimes like money laundering, terrorism financing and tax fraud.
o To protect your assets from fraudulent activities online, for example, if you are hacked and your username and password are comprised.
o We may use certain information about you (e.g. name, account number, age, nationality, IP address, etc.) for profiling purposes to detect fraudulent activities and the perpetrators.
o We may use your personal data to alert you if we detect suspicious activity on your account, for example when your debit or credit card is used in a non-typical location.
• Compliance with legal obligations to which we are subject. We process your data to comply with a range of legal obligations and statutory requirements.
Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing will not violate the fundamental rights and freedoms of the data subject;
• Also we collect your data as needed to be obtained to draft an insurance policy in case you ask insurance products from our Bank acting as insurance agent
• For credit risk and behaviour analysis. We use and analyse data about your credit history and payment behaviour to assess your ability to repay a loan, for example.
• Business process execution, internal management and management reporting. We process your data for our banking operations and to help our management make better decisions about our operations and services.
• Data protection and security. We have a duty to protect your personal data and to prevent, detect and contain any breaches of your data. This includes data we are obliged to collect about you, for example to verify your identity when you become a customer. Furthermore, we not only want to protect you against fraud and cybercrime, we have also a duty to ensure the security and integrity of ING and the financial system as a whole by combatting crimes like money laundering, terrorism financing and tax fraud.
o To protect your assets from fraudulent activities online, for example, if you are hacked and your username and password are comprised.
o We may use certain information about you (e.g. name, account number, age, nationality, IP address, etc.) for profiling purposes to detect fraudulent activities and the perpetrators.
o We may use your personal data to alert you if we detect suspicious activity on your account, for example when your debit or credit card is used in a non-typical location.
• Protecting your vital interests. We process your data when necessary to protect your interests which are essential for your life or that of another natural person. For example, for urgent medical reasons. We will only process your data necessary for the vital interests of another natural person if we cannot base it on one of the other purposes mentioned.
Based on your explicit consent,
• Relationship management and marketing. We may ask you for feedback about our products and services, or record your conversations with us online, by telephone or in our branches. We may share this with certain members of our staff to improve our offering or to customise products and services for you.
• We may send you newsletters informing you about these products and services.
• Also we may process your data to provide the best quality services by way of various sources (Branches, internet banking, contracted stores, call centers, conducted meetings, social media, ATMs etc.) and conducting analyses and efficiency and strategy studies based on behavior modelling aiming to predict our customers’ possible requests; conducting publicity, promotion and marketing activities and drawing lots, sending gifts, campaigning and advertising activities via several sources and the announcements thereto; providing special offers, goods and services to customers, benefitting from the services of the call center within the scope of evaluating the customer complaints, assessing and evaluating the quality of the customer calls, making announcements/notifying our customers on meetings, organizations, campaigns, draws held by our Bank.Of course, if you don’t want to receive these offers you can withdraw your consent anytime.
• Providing you with the best-suited products, services and marketing. We may use your data for commercial activities, including processing which is necessary for developing and improving our products and/or services, customer service, segmentation of customers and profiling and the performance of (targeted) marketing activities and for to conduct necessary operations regarding cross sales of current or new products of our Bank. We do this to establish a relationship with you and/or to maintain and extend a relationship with you and for performing statistical and scientific purposes. OF course, if you do not want that your data processed for this purposes you can withdraw your consent anytime
• Improve and develop our products and services. Analysing how you use and interact with our products and services helps us understand more about you and shows us where and how we can improve. For instance:
When you open an account, we measure how long it takes until you are able to use your account.
We analyse the results of our marketing activities to measure their effectiveness and the relevance of our campaigns.
Sometimes we analyse your personal data using automated processes, such as algorithms, to speed up credit decisions for loans and mortgages.
For Non-ING customers including legal representatives or contact persons or natural person owners, partners, shareholders acting on behalf of our merchant customers:
Based on the legal ground that processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract and it is necessary for compliance with a legal obligation to which the data controller is subject;
• Performing agreements to which your company is a party or taking steps prior to entering into agreements. If you are an owner, partner, shareholder or by any way a representative of a merchant customer, we may use your personal data to enter into an agreement with the customer, and to contact the customer when needed.
• If you are a natural person or representative of a merchant providing guarantee for a customer, or a beneficiary of payment instruments we may use your personal data to enter into an agreement or executing a payment order in connection to our arrangements with the customer. We may verify your capacity and powers using trade registers or incumbency certificates.
Based on the legal ground that processing of personal data is necessary for compliance with the legal obligation of the Bank and it is expressly provided for by the laws;
• Data protection and security. We have a duty to protect all personal data and to prevent, detect and contain a data breach or fraud involving personal data collected to comply with regulations against money laundering, terrorism financing and tax fraud. To safeguard and ensure the security and integrity of ING, the financial sector, clients and employees, we may
o Process your personal data to protect your organisation´s assets from fraudulent activities, for instance in case your identity (e.g. username and password) is compromised.
o Use certain personal data (e.g. name, account number, age, nationality, IP address, etc.) for profiling to detect fraudulent activities and the actors behind it.
o Use your personal data to alert you in case we detect suspicious activities involving your business´s assets, for example a transaction is taking place from a non-typical location.
• Compliance with legal obligations to which we are subject. We process personal data to comply with a range of legal obligations and statutory requirements (anti-money laundering legislation and tax legislation etc.). For example, know your customer (KYC) rules and regulations require ING to verify the identity of some natural person shareholders before accepting your company as a customer. Upon request by authorities, ING may report the transactions carried out by merchant customers.
Based on the legal ground that processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing will not violate the fundamental rights and freedoms of the data subject;
• If you are a natural person or representative of a merchant providing guarantee for a customer, or a beneficiary of payment instruments we may use your personal data to enter into an agreement or executing a payment order in connection to our arrangements with the customer. We may verify your capacity and powers using trade registers or incumbency certificates;
• Business process execution, internal management and management reporting. We process personal data for our financial services operations and to help our management make better decisions about our operations and services;
• For credit risk and morality analysis. We process your financial personal data when a merchant customer request credit and/or investment products or a natural person or a merchant undertake a guarantee/surety with us for the benefit of a customer. On such conditions, we may verify credit history, credit capacity, and other information relating to creditworthiness and credit conditions of such natural person or the natural person owner or partner or shareholder of such merchant. In addition, we collect and process your data that is legally available from public sources such as land registers, commercial registers and the media, or that has been legitimately provided by other companies within the ING Group or third parties such as credit agencies.
Based on your explicit consent,
• Relationship management and marketing. We may ask you as the representative of the merchant customer to give us feedback on the products and services offered to the business client. We may send newsletters regarding new and existing products and services offered by ING.
• Providing the best-suited products and services. When you as the representative of a merchant customer visit our website, call our customer service centre, talk to an ING employee or visit a branch, we may gather information about you as the representative of the merchant customer;
• Improving and developing products and services. Analysing how products and services are used helps us understand more about our performance and shows us where and how we can improve our products and services.
For all kind of customers :
Based on the legal ground that processing of personal data is necessary for compliance with the legal obligation of the Bank and it is expressly provided for by the laws;
• Legal and global compliance. We process your personal data to comply with a range of internal and external legal obligations and statutory requirements (anti-money laundering legislation and tax legislation, for example, as well as our own internal and global policies). We do this for to comply with international and domestic law, legal regulations, internal-external policies and rules which our Bank, subsidiaries of our Bank, primary shareholders, subsidiaries of primary shareholders, and its risk group is bound with, prepare consolidated financial tables, perform global risk management and inspection and for to carry out legal procedures.
3. The types of personal data we process
Personal data refers to any information that identifies or can be linked to a natural person. Personal data we process about you includes:
For ING customers:
• Identification data: the name, date and place of birth, ID number, email address, telephone number, title, nationality and a specimen signature, fiscal code/social security number;
• Transaction data, such as your bank account number, any deposits, withdrawals and transfers made to or from your account, and when and where these took place;
• Financial data, such as invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, financial products you have with ING, whether you are registered with a credit register, payment arrears and information on your income;
• Socio-demographic data, such as whether you are married and have children;
• Children’s data that you share with us, when you open an account in the name of your children, when you request a health insurance product or when its required by legislation on some operations related with tax revenues
• Online behaviour and preferences data, IP address of your mobile device or computer you use and the pages you visit on ING websites and apps;
• Data about your interests and needs that you share with us, for example when you contact our call centre or fill in an online survey;
• Know our customer data as part of customer due diligence and to prevent fraudulent conduct or behaviour that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud;
• Audio-visual data; where applicable and legally permissible, we process surveillance videos at ING branches, or recordings of phone or video calls or chats with our offices. We can use these recordings, to verify telephone orders, for example, or for fraud prevention or staff training purposes;
• Your interactions with ING on social media, such as Facebook, Twitter, Instagram, Google+ and YouTube. We follow public messages, posts, likes and responses to and about ING on the internet.
For Non-ING customers including legal representatives or contact persons or natural person owners, partners, shareholders acting on behalf of our merchant customers :
• Identification data: the name, date and place of birth, ID number, email address, telephone number, title, nationality and a specimen signature, fiscal code/social security number;
• Financial data: when a merchant customer request credit and/or investment products or a natural person or a merchant undertake a guarantee/surety with us for the benefit of a customer, we may verify credit history, credit capacity, and other information relating to creditworthiness and credit conditions of such natural person or the natural person owner or partner or shareholder of such merchant;
• Online behaviour and preferences data: IP address of mobile device or computer and the pages visited on ING websites and apps;
• Data about the Non-ING customer´s interests and needs shared with us when they contact with our officers or participate in an ING survey;
• Know the Non-ING customer as part of customer due diligence and to prevent fraudulent conduct or behaviour that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud;
• Audio-visual data: where applicable and legally permissible, we process surveillance videos at ING branches, or recordings of phone or video calls or chats with our offices.
Sensitive data
Sensitive data is data relating to your health, ethnicity, religious or political beliefs, genetic or biometric data, or criminal data (information on fraud is criminal data and we record it). We may process your sensitive data if:
• We have your explicit consent;
• We are required or allowed to do so by applicable local law. For example, we are legally obliged to keep a copy of ID by anonymizing these data so data regarding your religion, health and visual data might be obtained indirectly from photocopy of your ID cards and/or driver licenses and we are legally obliged to investigate your criminal data(only for cheque prohibition) when you request a chequebook from our bank
• Additionally, we process data concerning your health for to draft the insurance policy in case you purchase health/life insurance and/or private pension products from our bank acting as insurance agent (and or if required as collateral of an allocated credit line) and we process your biometric data in order to authenticate your voice by audio services through call centre calls and to exercise necessary controls in order to prevent fraud and fulfil the obligation of monitoring regarding particularly internal systems and as ordered by the relevant regulations. We process your biometric data to authenticate your voice using audio services through our call centres and to exercise necessary fraud-prevention controls and fulfil our monitoring obligation, particularly regarding internal systems as ordered by the relevant regulations.
4. What we do with your personal data
Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it in accordance with applicable laws. We only use your personal data for following purposes in accordance with the personal data processing conditions specified under Article 5 and 6 of the Law:
For ING customers:
• Performing agreements to which you are a party or taking steps prior to entering into agreements. We use information about you, such as your name and contact details, when you enter into an agreement with us, or we have to contact you. We analyse information about you to assess whether you are eligible for certain products and services. For example, we may look at your payment behaviour and credit history when you apply for a loan or a mortgage. And we use your account details when you ask us to make a payment or carry out an investment order. Also we collect your data as needed to be obtained to draft an insurance policy in case you ask insurance products from our Bank acting as insurance agent
• Relationship management and marketing. We may ask you for feedback about our products and services, or record your conversations with us online, by telephone or in our branches. We may share this with certain members of our staff to improve our offering or to customise products and services for you. We may send you newsletters informing you about these products and services. Also we may process your data to provide the best quality services by way of various sources (Branches, internet banking, contracted stores, call centers, conducted meetings, social media, ATMs etc.) and conducting analyses and efficiency and strategy studies based on behavior modelling aiming to predict our customers’ possible requests; conducting publicity, promotion and marketing activities and drawing lots, sending gifts, campaigning and advertising activities via several sources and the announcements thereto; providing special offers, goods and services to customers, benefitting from the services of the call center within the scope of evaluating the customer complaints, assessing and evaluating the quality of the customer calls, making announcements/notifying our customers on meetings, organizations, campaigns, draws held by our Bank.Of course, if you don’t want to receive these offers you can withdraw your consent anytime.
• Providing you with the best-suited products, services and marketing. We may use your data for commercial activities, including processing which is necessary for developing and improving our products and/or services, customer service, segmentation of customers and profiling and the performance of (targeted) marketing activities and for to conduct necessary operations regarding cross sales of current or new products of our Bank. We do this to establish a relationship with you and/or to maintain and extend a relationship with you and for performing statistical and scientific purposes. OF course, if you do not want that your data processed for this purposes you can withdraw your consent anytime
• Improve and develop our products and services. Analysing how you use and interact with our products and services helps us understand more about you and shows us where and how we can improve. For instance:
When you open an account, we measure how long it takes until you are able to use your account.
We analyse the results of our marketing activities to measure their effectiveness and the relevance of our campaigns.
Sometimes we analyse your personal data using automated processes, such as algorithms, to speed up credit decisions for loans and mortgages.
• For credit risk and behaviour analysis. We use and analyse data about your credit history and payment behaviour to assess your ability to repay a loan, for example.
• Business process execution, internal management and management reporting. We process your data for our banking operations and to help our management make better decisions about our operations and services.
• Data protection and security. We have a duty to protect your personal data and to prevent, detect and contain any breaches of your data. This includes data we are obliged to collect about you, for example to verify your identity when you become a customer. Furthermore, we not only want to protect you against fraud and cybercrime, we have also a duty to ensure the security and integrity of ING and the financial system as a whole by combatting crimes like money laundering, terrorism financing and tax fraud.
o To protect your assets from fraudulent activities online, for example, if you are hacked and your username and password are comprised.
o We may use certain information about you (e.g. name, account number, age, nationality, IP address, etc.) for profiling purposes to detect fraudulent activities and the perpetrators.
o We may use your personal data to alert you if we detect suspicious activity on your account, for example when your debit or credit card is used in a non-typical location.
• Protecting your vital interests. We process your data when necessary to protect your interests which are essential for your life or that of another natural person. For example for urgent medical reasons. We will only process your data necessary for the vital interests of another natural person if we cannot base it on one of the other purposes mentioned.
• Compliance with legal obligations to which we are subject. We process your data to comply with a range of legal obligations and statutory requirements.
For Non-ING customers including legal representatives or contact persons or natural person owners, partners, shareholders acting on behalf of our merchant customers :
• Performing agreements to which your company is a party or taking steps prior to entering into agreements. If you are an owner, partner, shareholder or by any way a representative of a merchant customer, we may use your personal data to enter into an agreement with the customer, and to contact the customer when needed. If you are a natural person or representative of a merchant providing guarantee for a customer, or a beneficiary of payment instruments we may use your personal data to enter into an agreement or executing a payment order in connection to our arrangements with the customer. We may verify your capacity and powers using trade registers or incumbency certificates;
• Relationship management and marketing. We may ask you as the representative of the merchant customer to give us feedback on the products and services offered to the business client. We may send newsletters regarding new and existing products and services offered by ING.
• Providing the best-suited products and services. When you as the representative of a merchant customer visit our website, call our customer service centre, talk to an ING employee or visit a branch, we may gather information about you as the representative of the merchant customer;
• Improving and developing products and services. Analysing how products and services are used helps us understand more about our performance and shows us where and how we can improve our products and services;
• Business process execution, internal management and management reporting. We process personal data for our financial services operations and to help our management make better decisions about our operations and services;
• Data protection and security. We have a duty to protect all personal data and to prevent, detect and contain a data breach or fraud involving personal data collected to comply with regulations against money laundering, terrorism financing and tax fraud. To safeguard and ensure the security and integrity of ING, the financial sector, clients and employees, we may
o Process your personal data to protect your organisation´s assets from fraudulent activities, for instance in case your identity (e.g. username and password) is compromised.
o Use certain personal data (e.g. name, account number, age, nationality, IP address, etc.) for profiling to detect fraudulent activities and the actors behind it.
o Use your personal data to alert you in case we detect suspicious activities involving your business´s assets, for example a transaction is taking place from a non-typical location.
• Compliance with legal obligations to which we are subject. We process personal data to comply with a range of legal obligations and statutory requirements (anti-money laundering legislation and tax legislation etc.). For example, know your customer (KYC) rules and regulations require ING to verify the identity of some natural person shareholders before accepting your company as a customer. Upon request by authorities, ING may report the transactions carried out by merchant customers.
• For credit risk and morality analysis. We process your financial personal data when a merchant customer request credit and/or investment products or a natural person or a merchant undertake a guarantee/surety with us for the benefit of a customer. On such conditions, we may verify credit history, credit capacity, and other information relating to creditworthiness and credit conditions of such natural person or the natural person owner or partner or shareholder of such merchant
For all kind of customers :
• Legal and global compliance. We process your personal data to comply with a range of internal and external legal obligations and statutory requirements (anti-money laundering legislation and tax legislation, for example, as well as our own internal and global policies). We do this for to comply with international and domestic law, legal regulations, internal-external policies and rules which our Bank, subsidiaries of our Bank, primary shareholders, subsidiaries of primary shareholders, and its risk group is bound with, prepare consolidated financial tables, perform global risk management and inspection and for to carry out legal procedures.
Data that we process without your explicit consent or which are not within the scope of article 5/2 of the Turkish Personal Data Protection Law no.6698, shall be anonymised or we shall remove as much of the personal information as possible to the extent the data owner’s ID may not be determined.
Applicable laws require us to retain personal data for a period of time. This retention period may vary as per timelines set out in the relevant legislation. We are only allowed to keep your personal data for as long as the necessity for the purpose to process the data has been finalized. After that we erase, destruct or anonymize your data with the most feasible solutions according to applicable laws and our internal policies.
5. Who we share your data with and why
To offer you the best possible services and remain competitive in our business, we share certain data internally i.e., with our regional offices/branches and externally (i.e., outside of ING) with third parties.
Whenever we share your personal data externally with third parties in other countries we ensure the necessary obligations as set out in the Law and the related secondary legistations.
Your personal data will be transferred within the scope of fulfilling the purposes stated herein Privacy Notice with the below specified parties in accordance with the data processing conditions set forth under Article 5 and 6 of the Law and the rules on the transfer of personal data specified in Articles 8 and 9 of the Law.
For ING customers and Non-ING customers to the extent it is applicable:
ING entities
We may transfer data to subsidiaries of our Bank, to our primary shareholder (ING Bank N.V.), to holding companies and subsidiaries of our primary shareholders and to our risk group for operational, regulatory, reporting and other various purposes (see section ‘What we do with your personal data’ for the full list).
You can access information about the group companies and affiliates of our main shareholder and our risk group on.
Government, Supervisory and Judicial authorities
To comply with our regulatory obligations we may disclose data to the relevant government, supervisory and judicial authorities such as:
• Public authorities, regulators and supervisory bodies such as the central bank, BDDK, SPK, TBB, Risk Center, Masak, MKK, YTM, KKB, Findeks, BKM and such other regulatory/audit authorities and other financial sector supervisors in Turkey.
• Tax authorities may require us to report customer assets or other personal data such as your name and contact details and other information about you. For this purpose, we may process your identification data like social security number, tax identification number or any other national identifier in accordance with applicable local law.
• Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legal request.
Financial institutions
To process certain payment and withdrawal services, we may have to share information about the natural person customer or there representative of a merchant customer with another bank or a financial company. We also share information with financial sector specialists who assist us with financial services like
• Exchanging secure financial transaction messages;
• Payments and credit transactions worldwide;
• Processing electronic transactions worldwide;
• Settling domestic and cross-border security transactions and payment transactions; or
• Other financial services organisations, including banks, superannuation funds, stockbrokers, custodians, fund managers and portfolio service providers.
Service providers and other third parties
When we use other service providers or other third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. Service providers support us with activities like
• Designing, developing and maintaining internet-based tools and applications;
• IT service providers who may provide application or infrastructure (such as cloud) services;
• Marketing activities or events and managing customer communications;
• Preparing reports and statistics, printing materials and designing products;
• Placing advertisements on apps, websites and social media;
• Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;
• Performing specialised services like postal mail by our agents, archiving of physical records, contractors and external service providers; or
• Carrying out securitisation arrangements (such as trustees, investors and the advisers).
Also We might transfer your data; to potential buyers within the context of share sales/transfer, to companies from which we receive intermediary collection services or to which we provide intermediary collection services for the purpose of loading TRY to cellphones, to General Directorate of the National Lottery if you shall participate to a campaign or lottery submitted by our Bank, to done foundations and associations if you make a donation
Agents, brokers and business partners
We may share your personal data with agents ,or business partners who act on our behalf, or which jointly offer products and services with us, such as insurance. They are operating in line with local legislation
Researchers
We are always looking for new insights to help you get ahead in life and in business. For this reason, if you give an explicit consent for such data transfer, we exchange personal data with partners like universities and other independent research institutions, who use it in their research and innovation. The researchers we engage must satisfy the same strict requirements as ING employees.
6. Your rights and how we respect them
If your personal data is processed, you have privacy rights. Based on Personal Data Protection Law no.6698
you have the following rights:
• the right to know whether your personal data has been processed or not, and to ask for more information about these actions.
• the right to know why your data was processed and whether it was used for those purposes.
• the right to know who your data is transferred to (third parties inside and outside the country).
• the right to request the correction of incorrect or wrongfully processed data.
• the right to request that your personal data be erased or destroyed.
• the right to request that third parties are notified about the erasure or destruction of personal data that was transferred to them in the event it is incorrect or wrongfully processed.
• the right to object to an outcome resulting from a fully-automated analytical process.
• the right to claim for damages incurred from the unlawful processing of your personal data.
Exercising your rights
To exercise your rights or for to submit a complaint, please contact us on ingbank@hs03.kep.tr. You will also find our contact details and those for the Data Protection Authority at the end of this Privacy Statement.
We aim to respond to your request as quickly as possible.
In certain cases, we may deny your request. We will let you know in due course, on what legal grounds it was denied. We will inform you in writing or in an electronic format (email, SMS etc.).
7. Data provided by You
In some cases, we are legally required to collect personal data or your personal data may be needed before we may perform certain services and provide certain products. We undertake to request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays in the availability of certain products and services.
8. How we protect your personal data
We take appropriate technical and organisational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed. We apply an internal framework of policies and minimum standards across all our business to keep your personal data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments.
In addition, ING employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact ING if you suspect that your personal data may have been compromised.
9. Changes to this Privacy Statement
We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on
10. Contact and questions
To learn more about ING’s data privacy policies and how we use your personal data, you can send us an email, call us or visit your local branch or regional office.
In line with the Personal Data Protection Law no.6698, you can exercise your rights regarding your personal data using the form found at this link [●] by through any of the following channels:
• authenticate your identity and personally apply at Reşitpaşa Mahallesi, Eski Büyükdere Caddesi, No 8, 34467 Maslak-Sarıyer, Istanbul, or any of our branches;
• email your application to ingbank@hs03.kep.tr by using your registered email address;
• email to verikoruma@ingbank.com.tr by using your personal email address, which must have a secure electronic signature or mobile signature; or the email address you used to register in our system;
• Use another method provided in the Communique Regarding the Principals and Procedures of Application to the Data Controller.
We will finalise your application within 30 (thirty) days of receiving it. If we incur any costs, we will apply a tariff determined by the Board of the Personal Data Protection. Should your application be denied, we will justify the reason in writing or in an electronic format.
Contact details for Data Protection Officer |
Data Protection Authority |
Republic of Turkey |
ingbank@hs03.kep.tr |
Personal Data Protection Board of Turkey https://www.kvkk.gov.tr |