Please kindly note that below notice will be in place from 25th of May 2018 to comply with new regulations GDPR - General Data Protection Regulation and to provide you more information on the matter.
T.C ZIRAAT BANKASI LONDON BRANCH FAIR PROCESSING NOTICE
Notice This Fair Processing Notice. Also referred to as a Privacy Notice.
Branch/We/Us Ziraat Bankasi A.S London Branch
FCA Financial Conduct Authority
PRA Prudential Regulatory Authority
ICO The Information Commissioner's Office who are the Supervisory Authority for the processing of personal data by all UK organizations. See www.ico.org.uk for more information.
Service Providers Third parties to whom we outsource certain functions of our business. For example, we have service providers who provide / support 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.
FAIR PROCESSING NOTICE
This Fair Processing Notice is addressed to customers, both past and current, of the Branch.
We know how important privacy is to you. So we have created this Fair Processing Notice to provide you with a clear explanation of when, why and how we collect and use your personal data in carrying out our banking services.
We have designed it to be as user friendly as possible, and have labelled sections to make it easy for you to navigate to the information that may be most relevant to you.
Please read this Notice with care - it applies to your personal data as collected or to be collected from customers and others by the Branch. It provides important information about how we use your personal data and explains your legal rights.
This Notice does not override any rights you have available under data protection law. We may amend this Notice from time to time, for example to keep it up to date in order to comply with legal requirements or changes in the way we operate our business. We will publish the up to date version of this Notice on our web site.
1. Who is responsible for looking after your personal data?
As the Branch we are responsible for the information that we collect and process about you. As such we are the data controller in relation to your personal data. Contact details are: Attention Data Control Leader - firstname.lastname@example.org Tel + 44 207 6004985
2. What do we use your personal data for?
We use your personal data:
• For the following purposes necessary for the performance of our contract with you, or in readiness for such a contract:
• to provide you with banking services according to your needs;
• for any additional purpose reasonably required to perform our obligations to you so that you can use our services and products;
• Where we or someone else has a legitimate interest: This includes
• to support our controls and management information;
• to help prevent and detect debt, fraud and financial loss;
• to record our dealings with you, so we have an accurate record of our relationship with you;
• to send you details about other products and services we offer which we think may be of interest to you based on the information you have provided to us. (In some cases we are only able to do this with your consent (for example for direct electronic or mail marketing where you are a non-corporate customer) and you can always opt out of receiving this information);
• to improve our processes and use of technology; and
• To meet our legal and regulatory obligations (for example to the FCA and PRA).
3. What personal data do we collect?
We will only collect your personal data where it is relevant for the purposes set out in above Section 2. The information we will collect may include:
Categories of personal data: Examples of personal data we may collect:
Personal attributes Name; Age or date of birth; National Insurance Number; Marital information
Personal directory Address (including postcode)
Financial data Salary / wage; Other financial information e.g. fund values, insured amounts.
Personal property information (if/when used for commercial, security or due diligence purposes)
Special categories of data We do not collect any special category data (such as health data, racial or ethnic origin or similar). If and when required we do apply criminal record check to prevent fraud.
From time to time, you may need to provide the Branch with someone else’s personal data, e.g. your dependents, nominated beneficiaries, directors etc., which they may share with us for the purposes set out in this Notice.
Wherever possible, you should take steps to inform them that you need to disclose their details to us, obtain their consent to do so and identify us as the party with whom you are sharing their information. Please provide them with a copy of this Notice.
4. Who do we collect your data from?
We will obtain information about you directly from yourself (when you fill in our forms or correspond with us by phone, email, in person or otherwise).and credit checking agencies and Dow Jones and public sources etc.
5. Who do we share your personal data with?
From time to time we work with some Service Providers to help manage the business. These parties may need to have access to your personal data. The Service Providers may include:
• Providers of our banking software;
• Businesses who help manage our IT and back office systems; and
• Auditors and other professional services firms.
We may be under legal or regulatory obligations to share your personal data with public authorities, government bodies, courts, regulators (which may include the PRA, FCA and ICO) and law enforcement agencies in the E.U. and around the world.
We will not share your personal data with third parties for marketing purposes.
6. International Transfers
From time to time we may need to share your personal data with members of Ziraat Finance Group or with Service Providers who may be based outside of the European Economic Area (EEA). We always take steps to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests. These measures include:
• Transfers of your personal data to countries which are recognized as providing an adequate level of legal protection;
• Transfers within the Ziraat Finance Group where we have entered into Standard Contractual Clauses or an intra-group agreement, both of which give specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the Ziraat Finance Group; and
• Transfers to Service Providers protected by prior due diligence and contractual commitments such as signing the Standard Contractual Clauses and, where available, further assurances such as certification schemes.
You have the right to ask us for more information about our safeguards. Please contact the Data Protection Leader (contact details + 44 207 600 79 85 email@example.com if you would like further information or to request a copy where the safeguards are documented (although note that some extracts may be redacted for security reasons).
7. How do we keep your personal data secure?
We take data security seriously. To reflect this, we have put in place a clear data protection policy and a chain of responsibility. Please contact the Data Protection Leader if you would like a copy of our Data Protection Policy.
8. How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 2 of this Notice, including meeting legal, regulatory, tax and accounting requirements. We also retain your personal data so that we have an accurate record of our dealings with the relevant authorities in the event of any complaints or disputes, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings. This means that in some circumstances we may keep your personal data for a long period of time, including after we have ceased to provide our banking services to you. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business on a day to day basis
9. What are your rights?
You have certain rights regarding your personal data. These include the rights to:
• request a copy of the personal data we hold about you;
• request that we supply you (or a nominated third party) with an electronic copy of the personal data that you have provided us with;
• inform us of a correction to your personal data;
• exercise your right to restrict our use of your personal data;
• exercise your right to erase your personal data; or
• • object to particular ways in which we are using your personal data (such as automated decision making, or profiling (for example to help us decide what products and services would suit you best); or
• understand the basis of international transfers of your data by us.
Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Where processing is carried out based upon your consent, you have the right to withdraw that consent.
Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right does not apply to the particular data we hold on you.
You should note that if you exercise certain of these rights we may be unable to continue to provide some or all of our services to you (for example where the personal data is required by us to comply with a statutory requirement, or is necessary in order for us to perform our contract with you).
Please contact us to update or correct your information if it changes or if the personal data we hold about you is inaccurate.
You may also exercise a right to complain to your Supervisory Authority. Please contact the Data Protection Leader if you wish to exercise any of your rights.
10. Contact, further information, queries and complaints
Our Data Protection Officer is your primary point of contact for all matters arising from this Notice, including requests to exercise your rights set out in section 9. firstname.lastname@example.org Attention Data Protection Leader + 44 207 600 49 85
If you have any query, complaint or concern about how we use your personal data, please contact the Data Protection Leader in the first instance and we will attempt to resolve the matter as soon as possible. You also have a right to lodge a complaint with the ICO at any time.