Get to Know Us
Business Associate
Digital Bridge

QNB Finansbank DIGITALBRIDGE Solution Partner

Details
About Factoring
Business Associate
Digital Bridge

QNB Finansbank DIGITALBRIDGE Solution Partner

Details
Our services
Business Associate
Digital Bridge

QNB Finansbank DIGITALBRIDGE Solution Partner

Details
PURPOSE

The main purpose of this Policy is to discipline the personal data processing activity carried out in accordance with the law within the scope of factoring services maintained by QNB Finans Faktoring A.Ş. (“QNB Finansfaktoring”) and describe the personal inviolability, corporeal and spiritual existence of the individual expressed in Article 17 of the Constitution, the fundamental rights and freedoms of the person protected in Article 20 of the Constitution, as well as the principles adopted for the processing of personal data in this context; create a corporate culture; and ensure transparency by informing the personal data owners/data subjects whose personal data are processed by QNB Finansfaktoring within this scope.

QNB Finansfaktoring pays utmost attention to the security of personal data and continues its activities with the awareness that the security of personal data is at the forefront in all products and services offered.

Using personal data for factoring transactions, the confidentiality of the private life of the person whose data is processed, and the protection of fundamental rights and freedoms are the basic principles of QNB Finansfaktoring.

DEFINITIONS

In application of law and within the scope of this Policy, following terms shall have the following meanings:

  • Explicit consent: means freely given, specific and informed consent,
  • Anonymization: means rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data,
  • Relevant user: means the persons who process personal data within the organization of the data controller or in accordance with the authorization and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection, and backup of the data.
  • Disposal: means erasure, annihilation, or anonymization of personal data,
  • Law: Personal Data Protection Law No. 6698,
  • Personal Data Owner/Data Subject: means customers, or non-customers, potential customers, employees, employee candidates, shareholders, visitors, and the institutions and organizations that have a business relationship within the framework of a contract (support services, independent audit, rating, consulting, service, procurement, cooperation, solution partnership, etc.) concluded with them, as well as the employees, shareholders, and officials thereof, and the third natural person, whose personal data is processed,
  • Personal data: means any information relating to an identified or identifiable natural person,
  • Processing of personal data: means any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof,
  • Board: means the Personal Data Protection Board,
  • Authority: means the Personal Data Protection Authority,
  • Customer: means the relevant natural person who receives services from our Company in accordance with the contract he/she has signed with our Company and whose data is processed,
  • Data Processor: means the natural or legal person who processes personal data on behalf of the data controller upon its authorization,
  • Data filing system: means the system where personal data are processed by being structured according to specific criteria,
  • Data Controller: means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.

SCOPE

This policy shall apply to all personal data of QNB Finansfaktoring's customers, potential customers, employees, employee candidates, shareholders, visitors, the institutions and organizations with which it has a business relationship within the framework of a contract (support services, independent audit, rating, consulting, service, procurement, cooperation, solution partnership, etc.) concluded, the employees, shareholders, and officials thereof, as well as third parties, whose personal data are processed automatically or by non-automatic means, provided that they form part of a data filing system.

DOCUMENTS

Personal Data Storage and Disposal Policy (POL.010)

ENTRY INTO FORCE OF THE POLICY

The Policy entered into force on April 29, 2019. In case of renewal of all or part of the Policy, the versions of the Policy shall be updated.

The Policy is available on the QNB Finansfaktoring website www.qnbff.com and shared with the personal data owners/data subjects if they request.

All employees are responsible for the implementation of this Policy throughout QNB Finansfaktoring within the scope of their authorities.

TEMPORAL APPLICATION OF THE POLICY

In paragraph 3 of Provisional Article 1 of the Law, the status of data that have already been processed is regulated. Accordingly, the personal data that were processed before the publication date of this Law shall be rendered compatible with the provisions of this Law within 2 years as of its date of publication. During this period, the personal data found to not comply with this Law's provisions shall be immediately erased, destructed, or anonymized. However, consents duly taken before the publication date of this Law, April 07, 2016, shall be deemed compatible with the provisions of this Law, unless no declaration of intent is made to the contrary within one year.

PERSONAL APPLICATION OF THE POLICY

According to Article 2 of the Law, the provisions of the Law shall apply to natural persons whose personal data are processed and to natural or legal persons processing such data wholly or partially by automated means or by non-automated means which provided that form part of a data filing system. Accordingly, the personal data of legal entities are excluded from the scope of the Law, but if it is possible to determine the natural person from the data of a legal entity, these data shall also be considered within the scope of the Law.

Anonymized and unidentified data and data related to legal entities are not regarded as personal data and are not subject to this Policy.

PERSONAL DATA

It is all kinds of information relating to an identified or identifiable natural person. In order to mention personal data, the data must be related to a natural person and this person must be identified or identifiable.
a. Relating to a natural person: Personal data is related to a natural person, and data related to legal entities are outside the definition of personal data. Therefore, information related to corporate identities, such as the trade name or address of a company (except in cases where they may be associated with a natural person) shall not be considered personal data.
b. Identified or identifiable person: Personal data covers all information that allows the identification of the data owner directly, as well as the identification of that person as a result of its association with any records, although it does not directly identify the person.
c. Any kind of information: The phrase any kind of information is very extensive and all the data that covers the data not only reveal the identity of a natural person, such as his/her name, surname, date of birth, and place of birth, but also render the person directly or indirectly identifiable, such as his/her phone number, motor vehicle license plate, social security number, passport number, resumé, picture, video and sound recordings, fingerprints, IP address, e-mail address, hobbies, preferences, contacts with whom interacted, group memberships, family information, health information are considered to be personal data.

PROCESSING PERSONAL DATA

The concept of processing personal data refers to the chained cycle. In Article 2 of the Law, a process that begins with the first acquisition of personal data by automated means or by non-automated means provided that form part of a data filing system and any subsequent processing are defined as data processing. All kinds of activities carried out within the course until the erasure, destruction, or anonymization of personal data following the collection of personal data in the manner set out are deemed to be the processing of personal data within the scope of the Law.

Personal data may be processed in different ways:

  • Collecting or recording: The processing activity starts at the moment the personal data is obtained for the first time.
  • Organizing/storage: The keeping, hosting, or storing of personal data in a digital or physical environment is accepted as part of the processing.
  • Using/modifying: Any use of personal data, including viewing, is considered processing.
  • Transferring: It is the transmission of Personal Data by various methods.
  • Disseminating/making accessible: Making data accessible to third parties in a digital environment, as is the case in physically distributing or sharing them, is also a type of processing.
  • Preventing: This is also deemed to be a processing activity.

Personal data can be processed by automated means.

a. Automated Processing
Data Processing by Non-Automated Means; is a processing activity that occurs automatically without human intervention within the scope of algorithms prepared in advance through software or hardware features performed by devices with processors such as computers, phones, watches, etc.

b. Processing by Non-Automated Means (Provided That it is Part of a Data Filing System)
The provisions of the Law shall govern the personal data when they are processed through a “data filing system”, although they are not subject to automated processing. These systems can be created electronically or in a physical environment.

For the legal processing of the data, all the following conditions must be met together:

  • The processing should be based on consent or exception
  • Information should be provided
  • Processing should be limited by the purpose and duration
  • Compliance with general (basic) legal principles

During the period when the factoring services offered by QNB Finansfaktoring are used by our customers and in any case after the termination of the relationship, the Company has the right to process the personal data of the data owner/data subject by complying with the purposes specified in this Policy.

In respect of the personal data owner/data subject, QNB Finansfaktoring has the right to process the personal data of the data owner/data subject as long as the reasons for lawfulness provided for in the Law continue.

The personal data processing carried out by QNB Finansfaktoring are the operations carried out in relation to the data by using automated, semi-automated, or non-automated means within the scope of factoring activities.

The processing of personal data refers to all kinds of operations carried out on the data such as obtaining the data, taking audio or video recordings, collecting, recording, storage, protecting, organizing, storing, using, changing, reorganizing, classifying, disclosing, transferring domestic or abroad, making accessible, taking over, preventing the use of the data.

GENERAL PRINCIPLES IN PROCESSING PERSONAL DATA

Personal data is processed by QNB Finansfaktoring in accordance with the principles stipulated in the Law and the procedures and principles set out in this Policy under the following scope.

  • Lawfulness and Fairness
    QNB Finansfaktoring processes personal data in accordance with the relevant legislation and the requirements of fairness and uses it within these limits.
  • Being Accurate and Kept Up-to-date Where Necessary
    QNB Finansfaktoring ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights and legitimate interests of data subjects. In this context, it carefully takes into account issues such as the sources from which the data is obtained are specific, the accuracy of which is confirmed, and the assessment of whether it needs to be updated.
  • Being Processed for Specified, Explicit, and Legitimate Purposes.
    QNB Finansfaktoring clearly and precisely determines the purpose of data processing and ensures that this purpose is legitimate. The fact that the purpose is legitimate means that the personal data processed by QNB Finansfaktoring are related to and necessary for the factoring services it currently offers and the business or activity it performs in this context.
  • Being Relevant, Limited, and Proportionate to the Purposes for Which they are Processed
    QNB Finansfaktoring ensures that the personal data processed are conducive to the realization of the determined purposes and avoids the processing of personal data that are not related to the realization of the purpose or that are not needed. For processing data in order to meet the needs that may arise later, it meets the conditions for processing personal data as set out in the Law, as if it starts processing for the first time. In addition, it keeps the processed data limited only to what is necessary for the realization of the purpose.
  • Being Stored for the Period Laid Down by Relevant Legislation or the Period Required for the Purpose for Which the Personal Data are Processed
    If there is a period stipulated for the storage of data in accordance with the Law on Financial Leasing, Factoring,Financing and Saving Financing Companies No. 6361 and all legislation to which it is subject within the scope of factoring activities, QNB Finansfaktoring complies with these periods; otherwise, it retains personal data only for the period necessary for the purpose for which they are processed. If there is no valid reason for further storage of personal data by QNB Finansfaktoring, the data in question shall be erased, destroyed, or anonymized in accordance with the regulations contained in the Personal Data Storage and Disposal Policy (POL.010).

CONDITIONS FOR PROCESSING OF PERSONAL DATA

"Explicit consent” is defined in the Law as the declaration of consent that the customer gives for the processing of data about himself, freely, having sufficient information on the subject, in an explicit manner that will leave no room for hesitation and is limited only to that transaction. In accordance with Article 5 of the Law, explicit consent is one of the personal data processing conditions in the Law and has no comparative superiority over other personal data processing conditions. Explicit consent is not the only element that gives legality to the data processing activity.

Personal data may be processed without seeking the explicit consent of the personal data owner/data subject only in cases where one of the following conditions is met:
a. It is expressly provided for by the laws.
b. It is provided for by the legislation to which we are subject due to factoring activities even if there is no explicit consent of the personal data owner/data subjects.
c. It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid.
d. Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
e. It is necessary for compliance with a legal obligation to which the data controller is subject.
f. Personal data have been made public by the personal data owner/data subject himself/herself.
g. Data processing is necessary for the establishment, exercise, or protection of any right.
h. Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the personal data owner/data subject.
i. Processing of personal data is necessary for the protection of legitimate interests of the personal data owner/data subject, provided that this processing shall not violate their fundamental rights and freedoms protected under the Law and this Policy.

QNB Finansfaktoring shows the necessary sensitivity to comply with the basic principles regarding the protection of personal data and to observe the balance between the interests of the personal data owner/data subject and QNB Finansfaktoring.

DATA PROCESSING PURPOSES

QNB Finansfaktoring processes personal data for the following purposes;
a. Fulfilling its obligations in accordance with all legislation to which it is subject within the scope of factoring activities, in particular the Law on Financial Leasing, Factoring, Financing and Saving Financing Companies No. 6361,
b. Performing the terms of the contracts subject to the products and services concluded in order to provide factoring services and fulfilling the obligations assumed,
c. Conducting creditworthiness assessments of our customers, carrying out intelligence and information research, planning, and statistical studies,
d. Developing them by using during the analysis of the data related to the credit history, statistical data, etc. of our customers, so that the Company's services can be offered to our customers in the best way,
e. Being able to contact our customers about the current status and updates of factoring services offered to our customers and providing the necessary information in this regard,
f. Where it is necessary to obtain the factoring transactions and/or credit history and/or behavioral models of our customers, offering a new and/or additional factoring product or changing the existing conditions,
g. Offering services related to factoring and performing transactions related to them, and conducting activities and developing services in this context,
h. Directing our customers to the products they may be interested in considering their usage habits and providing information about campaigns, conducting advertising, marketing, promotional, and campaign activities for the mentioned services and products,
i. Recognizing our customers and using them in customer analysis in order to increase customer satisfaction, and performing various marketing and advertising activities,
j. Offering recommendations to our customers, informing our customers about our services by our contracted institutions and solution partners,
k. Assessing customer complaints and recommendations in relation to out services,
l. Fulfilling our legal obligations and exercising our rights arising from the legislation,
m. Planning and implementing our human resources policies in the best manner, assessing personal data shared during job applications,

within the scope of data processing conditions set out in articles 5 and 6 of the Law.

PROCESSING OF THE DATA OF EMPLOYEES AND EMPLOYEE CANDIDATES

Existing Employees: For purposes such as performance of the employment contract concluded with QNB Finansfaktoring within the framework of this contract, and/or the fulfillment of the personal rights arising from this contract and the uninterrupted exercises thereof, all kinds of insurance services to be provided to employees, occupational health and safety services, performance management and evaluation and its follow-up, training activities, fulfilling human resources and training processes, QNB Finansfaktoring has the right to process the personal data disclosed by the personal data owner/data subject due to the starting to work in a position and/or internship.

Employee Candidates: The evaluation of job applications, the execution of intelligence, research, and other recruitment processes are carried out in accordance with the provisions of the relevant laws.

There must be legal reasons for the processing of personal data that are related to the employment relationship but are not part of the performance of the employment contract at first. [Such as the consent of the applicant (by electronic and non-electronic means), the legitimate interest of QNB Finansfaktoring, the principles and purposes of data processing contained in the Law and this Policy].

PROCESSING OF DATA WITH THE SURVEILLANCE CAMERAS IN THE HEAD OFFICE AND BRANCH

QNB Finansfaktoring carries the purposes of protecting its own and 3rd persons' interests related to ensuring their safety with the surveillance camera video recording carried out at the entrances and inside the Head Office and branches.

The data processing activities described above are carried out in accordance with the Law on Private Security Services No. 5188 and the relevant legislation by QNB Finansbank, the locations of which are in common use.

QNB Finansfaktoring carries out surveillance camera monitoring activities in order to ensure security, for the purposes stipulated in the relevant legislation in force and in accordance with the personal data processing conditions set out in the Law.

PROCESSING OF THE PERSONAL DATA OF THE VISITORS

QNB Finansfaktoring may carry out personal data processing activities aimed at tracking visitor entries and exits at the Head Office for the purposes specified in this Policy and to ensure security.

The personal data owners/data subjects in question are informed while recording the names and surnames of the visitors who come to the General Directorate office or through the information texts posted at the General Directorate or made available to the visitors in other ways.

The data obtained for the purpose of tracking visitors' entry and exit are processed only for this purpose and the relevant personal data are recorded in the data recording system in the physical environment.

VISITORS OF THE WEBSITE

On websites owned by QNB Finansfaktoring, internet movements within the website are recorded by technical means (for example, cookies) in order to ensure that people visiting these sites visit the websites suitable for their visiting purposes, to show them customized content, and to engage in online advertising activities.

Detailed explanations regarding the protection and processing of personal data related to these activities carried out by QNB Finansfaktoring are included in the “Privacy Policy” texts of the relevant websites.

PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

QNB Finansfaktoring acts in accordance with the regulations stipulated in the Law in the processing of personal data designated as the "special categories of personal data" by the Law.

In Article 6 of the Law, some personal data that pose a risk of causing victimization or discrimination to persons when processed unlawfully are defined as the "special categories of personal data". These data categories are the ones related to race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations, or trade unions, data concerning health, sexual life, criminal convictions, and security measures, and the biometric and genetic data.

On condition that adequate measures to be determined by the Board are taken, QNB Finansfaktoring shall process special categories of personal data in accordance with the Law;

  • If the personal data owner gives his/her explicit consent, or
  • If there is no explicit consent of the personal data owner;
    a. In cases stipulated by laws in respect of special categories of personal data other than the health and sexual life of the personal data owner,
    b. Special categories of personal data of the personal data owner related to their health and sexual life are processed only by persons or authorized institutions and organizations who are under the obligation to keep secrets for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

TRANSFERRING PERSONAL DATA

QNB Finansfaktoring may transfer the personal data of the personal data owner/data subject to third parties by taking the necessary security measures in line with lawful personal data processing purposes. QNB Finansfaktoring acts in accordance with the regulations stipulated in Article 8 of the Law in this respect.

QNB Finansfaktoring may transfer personal data to third parties based on and limited to one or more of the personal data processing conditions specified in Article 5 of the Law listed below for legitimate and lawful personal data processing purposes:

  • If the personal data owner gives his/her explicit consent,
  • If there is a clear regulation stipulating the transfer of personal data in the laws
  • It is necessary for the protection of life or physical integrity of the personal data owner/data subject or of any other person and the personal data owner/data subject is unable to disclose his/her consent due to the physical disability or whose consent is not deemed legally valid
  • If the transfer of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract
  • If the transfer of personal data is necessary for QNB Finansfaktoring to fulfill its legal obligation,
  • If the personal data has been made public by the personal data owner/data subject
  • If the transfer of personal data is necessary for the establishment, use, or protection of a right
  • If the transfer of personal data is necessary for the legitimate interests of QNB Finansfaktoring, provided that this processing shall not violate the fundamental rights and freedoms of the personal data owner/data subject concerned.

Transferring Abroad

QNB Finansfaktoring may transfer the personal data of the personal data owner/data subject to third parties by taking the necessary security measures in line with lawful personal data processing purposes.

QNB Finansfaktoring may transfer personal data to foreign countries that have been declared to have adequate protection by the Board or, in the absence of adequate protection, to foreign countries (“Foreign Country with Adequate Protection”) for which there exists a written commitment for adequate protection by the data controllers in Turkey and the relevant foreign country and the authorization of the Board (“Foreign Country where the Data Controller Who Commits the Adequate Protection is Located”). QNB Finansfaktoring acts in accordance with the regulations stipulated in Article 9 of the Law.

QNB Finansfaktoring may transfer personal data to Foreign Countries with Adequate Protection or Foreign Countries where the Data Controller Who Commits the Adequate Protection is Located for legitimate and lawful personal data processing purposes, if the personal data owner/data subject gives his/her explicit consent, or if he/she does not give his/her explicit consent, in case of existence of one of the following conditions:

  • If there is a clear regulation stipulating the transfer of personal data in the laws
  • It is necessary for the protection of life or physical integrity of the personal data owner/data subject or of any other person and the personal data owner/data subject is unable to disclose his/her consent due to the physical disability or whose consent is not deemed legally valid
  • If the transfer of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract
  • If the transfer of personal data is necessary for QNB Finansfaktoring to fulfill its legal obligation,
  • If the personal data has been made public by the personal data owner/data subject
  • If the transfer of personal data is necessary for the establishment, use, or protection of a right
  • If the transfer of personal data is necessary for the legitimate interests of QNB Finansfaktoring, provided that this processing shall not violate the fundamental rights and freedoms of the personal data owner/data subject concerned.

Purposes of Transferring

QNB Finansfaktoring transfers the personal data it processes as per the conditions specified in Articles 8 and 9 of the Law limited for the purposes of planning and managing the strategies within the scope of the factoring activities that it carries out; to the institutions and organizations with which it has a business relationship within the framework of a contract concluded with it (for support services, independent audit, rating, consulting, services, procurement, cooperation, solution partnership, etc.) in order to execute the contract and ensure the legal, commercial, and physical security and corporate functioning of QNB Finansfaktoring and for carrying out the works to allow customers to benefit from the products and services offered in the best way; to customize the products and services based on the demands, needs and wishes of the customers and offer them accordingly; to improve the services offered on the website; to plan and implement our human resources policies in the best way; to contact those who submit their requests and complaints to QNB Finansfaktoring.

ERASURE, DESTRUCTION, AND ANONYMIZATION OF PERSONAL DATA

Erasure, Destruction, or Anonymization of Personal Data

Without prejudice to the provisions contained in other laws regarding the erasure, destruction, or anonymization of Personal Data, despite being processed in compliance with the provisions of this Law and other relevant laws, QNB Finansfaktoring erases, destructs, or anonymizes personal data, ex officio or on the request of the data subject, in the event that the reasons for the processing no longer exist, in accordance with the principles set out in the “Personal Data Storage and Disposal Policy”.

Erasure of personal data is the process of making personal data inaccessible and unusable for the relevant users in any way.

Destruction of data, on the other hand, is the process of making personal data inaccessible, unrecoverable, and unusable by anyone in any way.

By anonymizing the data, personal data cannot be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data.

Storage Period of Personal Data

QNB Finansfaktoring stores personal data during the periods stipulated in the laws and other legislation. Upon the realization of the purpose of processing personal data and the expiration of the period set out in the relevant legal regulations, personal data are erased, destroyed, or anonymized, ex officio or on the request of the data subject, in the event that the reasons for the processing no longer exist, in accordance with the principles set out in the Personal Data Storage and Disposal Policy(POL.010).

In the event that personal data is destroyed by means of the said methods, these data cannot be used and recovered in any way. However, personal data may be stored in cases where QNB Finansfaktoring has a legitimate interest or despite the fact that the purpose of processing no longer exists and the periods specified in the relevant laws expires, provided that the fundamental rights and freedoms of the personal data owner/data subject are not breached.

RIGHTS OF PERSONAL DATA OWNER/DATA SUBJECT

Each personal data owners/data subjects have the following rights:
a. To learn whether his/her personal data are processed or not
b. To demand information as to if his/her personal data have been processed,
c. To learn the purpose of the processing of his/her personal data and whether these personal data are used in compliance with the purpose,
d. To know the third parties to whom his/her personal data are transferred in country or abroad,
e. To request the rectification of the incomplete or inaccurate data, if any,
f. To request the erasure or destruction of his/her personal data
g. To request reporting of the above-listed operations carried out pursuant to sub-paragraphs d and e to third parties to whom his/her personal data have been transferred
h. To object to the occurrence of a result against him/her by analyzing the data processed solely through automated systems
i. To claim compensation for the damage arising from the unlawful processing of his/her personal data.

APPLICATION METHODS OF PERSONAL DATA OWNER/DATA SUBJECT

QNB Finansfaktoring finalizes requests related to the implementation of this Policy and the Law as soon as possible and free of charge within 30 days at the latest, depending on the nature of the request contained in the application. However, if the transaction requires an additional cost, the fees determined by the Board and listed below may be charged. In case the application is caused by a mistake of QNB Finansfaktoring, the fee charged will be refunded to the personal data owner/data subject.

Application method

The personal data owner/data subject may submit his/her requests within the scope of his/her rights specified in Article 11 of the Law by the following methods,

  • By submitting a written application in person to our Company together with the documents confirming his/her identity (identity card, driver's license, etc.),
  • By using a secure electronic signature or an electronic mail address previously notified and registered in our Company's system.
    a. By email to our Company's Registered Electronic Mail address (qnbfinansfaktoring@hs05.kep.tr).
    b. By email to kvkk_bilgi@qnbff.com email address.

Applications are accepted following the identity confirmation to be made by our Company and will be responded to in writing or electronically within the legal periods.

In written applications, the date on which the documents are notified to our Company is the application date.
In applications made by other methods, the date on which the application reaches our Company is the application date.

Response to the application

QNB Finansfaktoring is obliged to take all necessary organizational and technical measures in order to finalize the applications to be made by the personal data owner/data subject effectively, lawfully, and fairly.

QNB Finansfaktoring shall act on the request or refuse it together with justified grounds. QNB Finansfaktoring communicates its response to the personal data owner/data subject in writing or electronically.

If the request of the personal data owner/data subject is accepted, the requirement of the request is fulfilled by QNB Finansfaktoring as soon as possible and the data owner/data subject is informed.

Fee

If the personal data owner's/data subject's application is to be responded to in writing, no fee will be charged for up to 10 pages. A transaction fee of TL 1 may be charged for each page over 10 pages.

If the response to the application is given on a recording medium, such as a CD, flash memory, etc., the fee that may be requested by the data controller cannot exceed the cost of the recording medium.

SITUATIONS WHERE THE LAW AND POLICY WILL NOT BE APPLIED PARTIALLY OR COMPLETELY

The Law and this Policy and their provisions will not apply to the following situations:

  • Processing of personal data by natural persons entirely within the scope of activities related to themselves or family members living in the same residence provided that they are not given to third parties and the obligations related to data security are complied with
  • Processing of personal data for purposes such as research, planning, and statistics by anonymizing them with official statistics
  • Processing of personal data for artistic, historical, literary, or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public safety, public order, economic security, the privacy of private life, or personal rights, or does not constitute a crime.
  • Processing of personal data within the scope of preventive, protective, and intelligence activities carried out by public institutions and organizations tasked and authorized by law to ensure national defense, national security, public safety, public order, or economic security.
  • Processing of personal data by judicial authorities or enforcement authorities in relation to the investigation, prosecution, trial, or enforcement proceedings.

On condition that it is appropriate and proportionate to the purpose and basic principles of this Policy and the Law, Articles 10, which regulates the data controller's disclosure obligation, Article 11, which regulates the rights of the person concerned, except for the right to request compensation for damage, and Article 16, which regulates the obligation to register in the Data Controller Registry, shall not be applied to the following cases:

  • Personal data processing is necessary to prevent the commission of a crime or for the investigation of a crime.
  • Personal data have been made public by the personal data owner/data subject himself/herself.
  • Processing personal data is necessary for the performance of supervision or regulatory duties and disciplinary investigation and prosecution to be carried out by the assigned and authorized public institutions and organizations and by public professional organizations, in accordance with the power conferred on them by the Law
  • Processing personal data is necessary for the protection of the economic and financial interests of the state related to budget, tax, and financial matters

ESTABLISHING AND MANAGING THE DATA PROCESSING OPERATION

QNB Finansfaktoring subjects its data processing operations carried out within the framework of its factoring activities primarily to the data security principles within the scope of the Financial Leasing, Factoring Financing and Saving Financing Companies Law No. 6361 and the Communiqué on the Management and Supervision of the Information Systems of Financial Leasing, Factoring and Financing Companies, which is a sub-regulation.

In this respect, it is prohibited for any employee of QNB Finansfaktoring to access, process, or use this data in an unauthorized manner.

The processing of this data by any employee of QNB Finansfaktoring who is not authorized within the framework of his/her legitimate duty means unauthorized processing.

QNB employees can only access personal data appropriately within the framework of the type and scope of their duties in question. For this purpose, in accordance with the principle of separation of duties, roles and responsibilities have been classified and detailed.

The employees of QNB Finansfaktoring are prohibited from using personal data for private or commercial purposes, sharing this data with unauthorized persons, or making this data accessible by any other method.

IMPLEMENTATION AND CONTROL OF THE POLICY

QNB Finansfaktoring carries out its data processing activities in accordance with the regulations of the Law and treats the Personal Data Protection and Processing Policy as part of its corporate governance. In addition, it shall take all necessary organizational and technical measures to ensure the enforcement of the policies and procedures published in accordance with the Law.

The PDPL Coordination Team is responsible for the content, up-to-dateness, and implementation of the policies within the scope of the PDPL in the Company. The KVKK Coordination Team determines representatives from business units while performing these tasks. The authorities and responsibilities of the KVKK Coordination Team and KVKK unit representatives are determined by the Company's Information Security Committee.