Information About Protection of Personel Data

ING Finansal Kiralama A.Ş.

Data Protection Declaration Under Turkish Personal Data Protection Law no.6698

As ING Finansal Kiralama A.Ş. (“ING Finansal Kiralama” or “the Company”), we display sensitivity at most towards the security and protection of your personal data and special categories of personal data. With this awareness, as the Company, we attribute great importance to customer privacy and accordingly processing and storing data belonging to the customers ideally and regardfully. With the comprehension of this responsibility, pursuant to the Law No. 6361 Financial Leasing, Factoring and Financial Service Companies Law and relevant regulations and Turkish Personal Data Protection Law no.6698 (“the Law”), we, as Data Controller, process your personal data within the scope provided by the related regulations and for the purposes listed below:

  1. Purposes of Personal Data Processing

Data which are set out below that belongs to partners, representatives of the legal entities and real person merchant customers, real persons who are guarantors for the customers etc. and other real persons who benefits from the Company’s services:

  • Data regarding the identity, (data regarding to religion, health and visual data might be obtained indirectly from photocopy of your ID cards and/or driver licences) and contact details,
  • Data regarding the financial condition and wealth might be needed in the context of the legal relationship between the customer and the Company,

may be processed for the reasons mentioned below.

  • For establishment and the performance of the contract, within the context of providing personal security deposits and warranties etc. as a security for the legal relationship between the real person merchant or legal entity customer,
  • Completing the security intelligence, credit history, credibility and other necessary processes of data analysis in relation to the legal relationships which are to be established between customers and ING Finansal Kiralama within the context of evaluating credibility in the case acting as a partner and/or a representative,
  • Evaluating  the values of the movable and real estate properties that are supplied as a security and valuation of asset,
  • Carrying out the necessary procedures to prevent criminal attempts concerned financial fraud, money laundering, financing of terrorism etc. by targeting the Company’s service channels and customers assets,
  • For research, risk monitoring, reporting, control, audit within the context of carrying out the business procedures of the Company,

limited to providing, carrying out and improving our services, or fulfilling the requests of the customers and relevant persons, complying with legal regulations, internal-external rules and policies. Furthermore (your personal data) might be preserved digitally and physically by transferring the Company’s physical archives and information systems.

  1. To Whom and For What Purposes The Processed Data May be Transferred

Your personal data, within the scope of the Law and related regulations and listed purposes above with limited to reasons requiring the transfer, under the conditions of the Law and the Capital Markets Law, can be transferred to Public Authorities (Banking Regulation and Supervision Agency (BDDK), Financial Crimes Investigation Board (MASAK), Credit Bureau of Turkey (KKB), The Banks Association of Turkey (TBB), Risk Center (RM), Credit Guarantee Fund (KGF), Ministry of Treasury, Factoring and Financial companies (FKB), Turkish Statistical Institute (TÜİK), Turkish Employment Agency (İşkur) etc. ING Bank A.Ş. -the principal shareholder of the Company- and its subsidiaries, ING Bank B.V. -foreign shareholder of the ING Bank- and its direct and indirect establishments and subsidiaries, independent auditing firms, certified public accountants, companies that provide archive services, mortgage companies, courts, lawyers, security evaluation companies, gsm operators, insurance companies etc. and our business partners that we utilize the services of.

  1. The Method and Legal Reason of Collecting Personal Data

Your personal data may be collected, either by automated or non-automated means, in accordance with the principles stipulated in the Law and for the purpose of performance of the contract, for any reason as prescribed under the applicable laws, to fulfill any statutory/legal obligation or for the legitimate interests of the respective data controller that is stipulated under the sub article 2 of the Article 5.

Your personal data may be collected verbally, in writing and via electronic environments, by phone, e-mail etc. directly from legal entity and real person merchants or by you and applications of the Company, via public institutions and authorities, third party companies etc. for the purposes of gathering intelligence can be processed within the rules of the Article 5 and 6 of the Law and its purposes and in accordance with the principles that are stipulated under the article 2 and 3 of this data protection declaration.

  1. Your Rights Aiming To Protect Personal Data

Under the relevant legislation, in terms of your processed personal data, you are entitled to the rights below:

  • Learning whether your personal data has been processed or not,
  • If it has been processed, demanding information concerning said actions,
  • Learning the purpose of the processing and whether data has been used accordingly,
  • Learning third parties within/without the country which personal data has been transferred to,
  • Demanding the correction of defectively or wrongfully processed data,
  • Demanding de erasing or destruction of the personal data,
  • Demanding the notification of third parties which the personal data has been transferred to concerning the correction, erasing or destruction of the personal data in case the data has been defectively or wrongfully processed,
  • Objecting to an outcome produced against one’s himself/herself by means of exclusively automatic systems’ analyses,
  • Claiming damages should damages occur by unlawful processing of the personal data.

Pursuant to the Law, you can convey your applications regarding your personal data with the form you can find//   and by means of any of the below listed channels:

  • You can authenticate your identification and personally apply to the address of Saray Mah. Dr. Adnan Büyükdeniz Cad. Akkom Ofispark:2 Blok:4 Cessas Plaza  K:3 Ümraniye/İstanbul or to any of our branches or
  • By applying to the Company’s  address via your registered e-mail address or
  • By applying to the Company’s  address via your personal e-mail address with the condition that it must contain secured electronic signature or mobile signature; or via the e-mail address that was previously declared to the Company by you and registered within our system or
  • By using other methods provided by the Communique Regarding the Principals and Procedures of Application to the Data Controller.

The Company shall finalize the applications within the 30 (Thirty) day period following the application as per the Article 13 of the Law. If the procedures require expenditure, tariff determined by the Board of the Personal Data Protection shall be applied. In case the application is denied, the rejection shall be justified in writing or in electronic environment.