Personal Data Protection
We care about your personal data and protect it diligently.
As Garanti Ödeme ve Elektronik Para Hizmetleri A.Ş., we respect the security of your personal data and the confidentiality of your private life and we attach importance to its protection. We bring to your attention this clarification text prepared to inform you about the processing, transfer, storage and destruction of your personal data that you have shared with us within the scope of payment and electronic money services offered by our company and your rights regarding the use and protection of your personal data within the scope of the Law No. 6698 on the Protection of Personal Data ("PPD"/"Law").
As explained in this clarification text, your personal data may be recorded, archived, updated, transferred, classified and processed in the ways listed in the PPD and the relevant legislation within the scope of the relevant legislation.
I. Data Controller
This disclosure is made by Garanti Ödeme ve Elektronik Para Hizmetleri A.Ş. as the data controller in accordance with the provisions of the Law No. 6698 on the Protection of Personal Data, Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, Bank Cards and Credit Cards Law No. 5464, Banking Law No. 5411 and other legislation. Within the scope of the Law, "Data Processing" refers to all kinds of operations performed on personal data, such as obtaining, recording, storing, storing, updating, classifying personal data in whole or in part, automatically or non-automatically provided that it is part of any data recording system; sharing with or transferring to third parties permitted by the legislation.
As the data controller, we keep all kinds of personal data shared by you by acting in accordance with the relevant legislation and taking all necessary technical and administrative measures to ensure the appropriate level of security for your personal data.
II. Personal Data Collected by Us
Within the scope of the payment and electronic money services offered by our Company, personal data that differ depending on the type, nature and history of the relationship between the Company and the data subject, the method of obtaining the data and the following purposes, and which are processed in accordance with the principles in the Law and in the Personal Data Processing and Protection Policy of our Company and our Company's main partner T. Garanti Bankası A.Ş. are generally as follows, including but not limited to:
Identity Information: Name, surname, mother's name, father's name, Turkish ID number, ID serial number, ID expiry date, passport number, place of birth, date of birth, gender, marital status, spouse/children information, citizenship status, nationality information registry information
Visual records: Photo,
Contact Information: Contact information such as address, e-mail, registered e-mail address, mobile phone, fixed telephone and fax number, as well as communication records within the scope of telephone calls, video calls and e-mail correspondence, other audio and video data,
Transaction Security Data: Customer information, IP addresses, passwords and passwords required for access to electronic transaction channels, location information processed for purposes such as security applications used in these channels and fulfilment of legal obligations, and biometric data processed based on the consent of the persons concerned,
Marketing Data: In line with the permission of our customers, prospective customers and other real persons who may be relevant, shopping history information, surveys, cookie records, data obtained through campaign work, data obtained from organisations with which we cooperate with advertising and marketing for the purpose of orientation such as websites that offer comparison, data we receive from parties such as stores, dealers, electronic commerce sites that our Company receives external services and mediate the establishment of payment and electronic money service relationship with you,
Data on Commercial Life: Various demographic information identifying the data subject, such as information on real persons in documents for legal entities such as tax certificate, trade gazette, authorisation certificate, trade registry documents, qualification documents, signature circulars and activity certificates, information on tax liability status,
Banking and Finance Data: Pricing, reconciliation, customer information produced by our Company, uniform numbers for the products and services received by the customer from our Company, prepaid card numbers, BKM ID to be produced by the Merchant Registration System of the Interbank Card Centre A.Ş., credit, volume and termination information that can be obtained from the Bankaralarasi Kart Merkezi A.Ş. and Kredi Kayıt Bürosu A.Ş., account numbers, POS information, IBAN, detailed and all kinds of financial data regarding collection and payment activities,
Information on Education, Labour and Professional Life: Profession/title,
Legal Information: Data such as information in correspondence with judicial authorities, information in the lawsuit and execution file, information kept within the scope of alternative dispute resolution, data in all kinds of administrative and judicial authorities notified to our Company due to legal disputes to which our Company is a party,
III. Personal Data Collection Method
Your personal data is obtained during, during and after the provision of payment and electronic money services by our Company, and personal data may be obtained during face-to-face meetings, as well as through the call centre, website, e-mail, digital messaging platforms, telephone calls that may be made with our Company, parties from which our Company receives external services and which mediate the establishment of payment and electronic money services relationship with you.
Your personal data may be collected verbally, in writing or electronically through channels such as ATMs, Customer Contact Centre, TAMİ Mobile Application and Web Portal, our external service providers, as well as system integrations shared through public institutions and organisations (such as the Banks Association of Turkey Risk Centre, Revenue Administration, Credit Bureau A.Ş., Interbank Card Centre and Identity Sharing System).
IV. Purposes and Legal Grounds for Processing Personal Data
Your personal data obtained by Garanti Ödeme ve Elektronik Para Hizmetleri A.Ş. is processed for the following purposes and legal reasons in order to provide our products and services within the scope of payment and electronic money services offered by our Company:
| Purposes of Processing Legal Reasons | Legal Causes |
|---|---|
| To record the identity, address and other necessary information in order to recognise the customer, to carry out identification and confirmation procedures, to identify the information of our customers in the transactions they will perform, |
|
| Provision of payment and electronic money services, receipt of applications, fulfilment, execution, development, establishment of contractual relationship, execution of operational processes, compliance with internal systems, risk monitoring and disclosure obligations, compliance with the obligations of risk monitoring and disclosure you have signed with our Company |
|
| Fulfilment of the obligations arising from the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, Banking Law, Bank Cards and Credit Cards Law, Law on Prevention of Laundering Proceeds of Crime, sub-regulations issued by the Central Bank of the Republic of Turkey and the Banking Regulation and Supervision Agency on the management of merchant processes of Payment and Electronic Money institutions and other legislation, |
|
| Analysing, developing company systems and carrying out information security processes, establishing, managing and implementing information systems infrastructures, |
|
| Organising the business processes and activities of the company, planning and execution of operational processes and service procurement operations, |
|
| Management of relationships with external service providers, business partners or suppliers, |
|
| Determination of the Company's reputation and business relations and strategies, planning and execution of business activities and operational processes; realisation of corporate communication activities, |
|
| Execution of lawsuits and execution proceedings to which the Company is a party and follow-up and execution of other legal processes; |
|
| Execution of the Company's business and management of relations with its main shareholder and its domestic and foreign branches and subsidiaries; |
|
| Establishing transaction security in the use of electronic transaction channels, protecting customers, the Company and the payment system against fraud, forgery and attacks that our customers may be exposed to in any physical or electronic environment, keeping logs in case of internet access, analysing and examining big data for the purpose of effective management and prevention of fraud prevention and customer security processes Processing all traceable details of customer and transaction information (including location data) to create models, |
|
| To store, report and inform judicial and administrative institutions such as BRSA, CBRT, MASAK, RA, CMB, BKM and TBB Risk Centre, which are obliged to provide information |
|
| To provide payment and electronic money services through all channels, including electronic transaction channels, which we offer within the scope of the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions and all applicable legislation, |
|
| To prepare all necessary records and documents, including the processing of location information, in order to complete transactions in paper and verbal environments and electronic transaction environments (internet portal, mobile application ATM, call centre), |
|
| To plan and realise special products, services and offer activities for the payment and electronic money services we offer to our customers for marketing purposes; and for the purposes of improving, updating and renewing the products and services for member merchants with the developing technology |
|
| To plan, supervise and implement our corporate sustainability, corporate governance, strategic planning and information security processes, |
|
| End-to-end management of the processes of receiving objections and complaints from cardholders, sharing them with relevant institutions and organisations, concluding and evaluating them within the scope of the contract and the rules of international card issuers such as VISA and Mastercard, and notifying the result to the merchant, |
|
Your personal data is obtained in all kinds of verbal, written, visual and electronic media for the purposes stated above and in order to provide payment and electronic money services within the legal framework determined and to enable Garanti Ödeme ve Elektronik Para Hizmetleri A.Ş. to fulfil its contractual and legal obligations fully and duly. The legal reason for the collection of your personal data is the provisions of LPPD and other legal legislation. Garanti Ödeme ve Elektronik Para Hizmetleri A.Ş. processes your personal data by automatic and non-automatic methods in case of your explicit consent pursuant to Article 5/1 of the LPPD or on the basis of legal reasons pursuant to Article 5/2 of the LPPD.
V. Transfer of Personal Data
It is possible to share your personal data with third parties and organisations for the purposes set out in Article III of this Clarification Text by ensuring that all necessary technical and administrative measures are taken to ensure the appropriate level of security in accordance with the PPD and other relevant legislation when required by the legislation and permitted by you or the legislation. Although these persons and organisations may change depending on the changes to be made in the relevant legislation, they are generally the following parties.
Your personal data are transferred to the following parties for the following purposes and legal reasons:
| Transferred Persons/Organisations | Purposes of Transfer |
|---|---|
|
|
|
|
|
|
|
|
VI. Your Rights Regarding Protection of Personal Data
By applying to our Company at any time you have the right;
In case you exercise your rights to learn whether personal data is processed, to request information if your personal data has been processed, to access and request your personal data, to learn the purpose of processing personal data and whether they are used in accordance with their purpose, to know the third parties to whom your personal data is transferred domestically or abroad, the information you request will be notified to you in writing, electronically or through the contact information provided by you.
VII. Data Security and Right of Application
Your personal data are meticulously protected within the technical and administrative possibilities and the necessary security measures are provided at a level appropriate to the possible risks, taking into account the technological possibilities. You can submit your requests within the scope of PPD in the following ways:
If your application for these purposes requires an additional cost, you may be required to pay the fee amount in the tariff to be determined by the Personal Data Protection Board. Your requests in your application will be finalised as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request.
* When there is any change in the personal data inventory study, our Company will update this information.
Garanti Ödeme ve Elektronik Para Hizmetleri A.Ş.
