This disclosure text has been drawn up by Vakıf Katılım Bankası A.Ş., acting in the capacity of the Data Supervisor, offering its services at the headquarters of the Company located at the address of “Saray Mahallesi Dr. Adnan Büyükdeniz Caddesi No: 10 Ümraniye/ İstanbul” (Bank or our Bank) within the scope of Article 10 of Law on Protection of Personal Data and The Communique On The Procedures And Principles To Be Followed For The Fulfillment Of The Obligation To Inform. Our purpose is to inform you about the receipt of your personal data, purposes of processing, legal reasons, transfer to third persons as permitted by the relevant legislation and your rights in respect thereof.

As per Article 3 of Law No: 6698 on Protection of Personal Data, personal data means any information relating to an identified or identifiable natural person. Our Bank carries out personal data processing activities by taking necessary security precautions for the purpose of protection of fundamental rights and freedoms and the right of privacy.

Your personal data may be processed in order for our Bank to offer the banking services to our customers in the best manner in line with the purposes mentioned below within the scope of the obligations arising out of Banking Law No: 5411, Law on Protection of Personal Data and any other legal legislation to which our Bank is subject.


Your personal data including your identity information, address, contact information, occupational experience, signature, power of attorney, educational background, financial and income status, customer transaction, card details, risk management, process security, credit history, health information, vehicles and real estate properties to be purchased through financing of our Bank, legal transaction, payment details in tax and fee payment, location, declaration, audio-visual records etc. that you directly or indirectly share with us through different channels are processed by us for the purposes mentioned below.

  • To carry out basic banking transactions including account, cash, money transfer, foreign exchange/precious metals, cheque/note, sukuk, safe-deposit box, collection, financial intelligence services etc.,
  • To offer services within the scope of Banking Law and other legislation especially foreign trade, financing (credit), fund management, credit card, POS, ATM services, insurance, pension and other agency services,
  • To manage investment processes, to perform intelligence, guarantee and reference letter operations, to follow-up delinquent receivables, to carry out expertise operations,
  • To carry out inquiry transactions that we are obliged to carry out within the scope of legal legislation including Central Civil Registration System (MERNIS), The Banks Association of Turkey Risk Center, corresponding bank black lists, General Directorate of Security E-Pledge etc.,
  • To carry out supervision, independent audit and internal control activities prescribed by the legislation, to fulfill information security obligations, to detect and prevent fraud operations, to investigate suspicious transactions, to carry out risk monitoring, follow-up and reporting activities, to manage and store communication and transaction audit trails, to record voice records of Customer Communication Center, to perform identity authentication and authority management, to evaluate compliance with the principles of participating banking,
  • To carry out tax declaration activities and perform financial control activities,
  • To receive and record camera footages of our branches, regional directorate and head office units and ATMs as required for the physical security needs of our Bank,
  • To share important information (any and all information that the Bank is obliged to share with its customers) with you through your contact information.
  • To fulfill our obligations as determined by public institutions and authorities such as Banking Regulation and Supervision Agency, Banks Association of Turkey and Central Bank of the Republic of Turkey to which our Bank is obliged to give information, to perform notification and statutory reporting processes,
  • To offer you special offers if you allow us to do so, to carry out sales and marketing and promotional activities,

To solve the probable problems in main banking system, to manage expenditure objection and customer satisfaction processes, to perform complaint, suggestion and demand management.


Within the scope of Article 8 on Transfer of Personal Data and Article 9 on Transfer of Personal Data Abroad of Law No: 6698, your personal data that you have submitted to us due to your banking transactions with us may be transferred to persons/institutions at home and abroad for the purposes mentioned below. The scope of the transferred data is determined to be limited to the purpose of transfer.

  • To persons, corporations and/or institutions authorized by law such as Banking Regulation and Supervision Agency, Central Bank of the Republic of Turkey, Turkish Revenue Administration, Capital Markets Board, Social Security Institution, Financial Crimes Investigation Board, Credit Reference Agency, Risk Center, Interbank Card Center, General Directorate of Security etc. in order to fulfill our legal obligations,

  • To state institutions and organizations and contracted institutions and organizations in order to perform corporate collection transactions,

  • To card payment system service providers, card printing and courier firms in order to manage credit cards processes,

  • To SWIFT, SWIFT service providers, domestic/foreign corresponding banks, recipient/sender banks, intermediary banks and payment/electronic money institutions in order to carry out foreign trade and out of bank money transfers,

  • To prosecution offices and courts, law offices, asset management companies in order to perform and follow-up legal affairs,

  • To independent audit institutions and authorized public institutions and organizations in order to audit the compliance of activities with regulation,

  • To real estate property valuation institutions in order to carry out expertise operations,

  • To share certificate brokerage firms, finance companies and investment companies in order to carry out investment activities,

  • To research companies in order to offer you better services and to increase your satisfaction level,

  • If you allow us to do so, to our business partners in order to make you benefit from common campaigns with our business partners,

  • To persons, institutions and/or corporations that we carry out services in the capacity of intermediary in order to fulfill our obligations arising out of Intermediation/Agency Law;


Your personal data are processed based on legal reasons below specified in Article 5 of Law No: 6698 and your express consent is asked when it is required to process your personal data for the reasons other than these legal reasons. Your personal data are processed if.

  • It is expressly provided by the laws,

  • It is directly related to establishment or performance of an agreement,

  • It is obligatory for the controller to be able to fulfil its legal obligation,

  • It is obligatory to process data for the purposes of the legitimate interests of the controller provided that the processing does not prejudice the fundamental rights and freedoms of the data subject,

  • It is obligatory to process data for the establishment, exercise or protection of a right. Your personal data are also processed through automatic systems or through non-automated means provided that it is a part of any data recording system. Your personal data are achieved by our Bank through

  • Branches, head office, units, regional directorates and branches of our Bank,

  • Customer Communication Center and Telephone Banking,

  • Internet Banking and Mobile Banking Applications,

  • ATM and Kiosk systems,

  • Forms to be filled on internet websites,

  • Identity Sharing System, Address Sharing System, Trade Registry Gazette, Land Registry and Cadastre Information System, Risk Center, Credit Reference Agency etc,

  • Means of payment such as ATM systems and credit cards,

  • Companies that we carry out services in the capacity of intermediary/agent,

  • Social media accounts of our Bank,

  • Camera systems in branches, regional directorates and head office buildings and ATMs,

  • Interbank card center,

  • Communication channels such as registered electronic mail, electronic notification, electronic mail, mail, fax, short message service etc,

  • Notifications, applications and negotiations with our Bank.


Within the scope of Article 11 of Law No: 6698 on Protection of Personal Data governing the rights of the relevant persons, Everyone, in connection with herself/himself, has the right;

  • to learn whether or not her/his personal data have been processed,

  • to request information as to processing if her/his data have been processed,

  • to learn the purpose of processing of the personal data and whether data are used in accordance with their purpose,

  • to know the third parties in the country or abroad to whom personal data have been transferred,

  • to request rectification in case personal data are processed incompletely or inaccurately and to request notification of the operations made to third parties to whom personal data have been transferred,

  • to request deletion or destruction of personal data and to request notification of the operations made to third parties to whom personal data have been transferred,

  • to object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems and,

  • to request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.

You may send your requests in respect thereof through application form available on our website, through methods included in the application form or through calling our Customer Communication Center at 0850 202 1 202 and 444 44 77.

As per Article 13 of the Law, our Bank shall conclude your requests included in the applications made as specified above free of charge within the shortest time but within latest thirty days according to the nature of the request. If such transaction requires any additional cost, the Bank may request a fee in accordance with the conditions determined by Personal Data Protection Board and by taking account of the Updated Tariff specified by the Board.