In accordance with the provisions of Personal Data Protection Law no. 6698 (“KVKK”), Capital Markets Law no. 6362, Communiqué on Portfolio Management Companies and Activities of Such Companies (III-55.1) which is issued by Capital Markets Board and other legislation, "Personal Data", defined as any information that makes the customer's identity specific or identifiable will be processed within the following scope by Garanti Portföy Yönetimi A.Ş. (herein after “GPY” or "Company") as “Data Controller”. The Data Controller to whom you can apply within the scope of KVKK provisions is GPY.
Within the scope of the Law, "Data Processing" refers to all kinds of operations performed on personal data, such as obtaining, recording, storing, retaining, updating, classifying, sharing with or transferring to third parties permitted by the legislation, in whole or in part, by automatic or non-automatic means provided that it is part of any data recording system.
As the data controller, we keep all kinds of personal data shared by you by acting in accordance with the relevant legislation and by taking all necessary technical and administrative measures to ensure the appropriate level of security for your personal data.
Personal Data Collected by Us
Within the scope of the relationship we will establish depending on the nature of the products and services you will receive from our Company, personal data, which differ depending on the type, nature, history, method of obtaining the data and the following purposes of the relationship between the Company and the person concerned, and which are processed in accordance with the principles in the Law and our Company's Personal Data Processing and Protection Policies, are generally as follows, including but not limited to:
ID Information: Name, surname, Turkish ID number, passport number, place of birth, date of birth, gender, marital status, spouse/children information, citizenship status, nationality information registry information
Visual records: Photograph
Contact Information: Contact information such as address, e-mail, registered e-mail address, mobile phone, landline phone and fax number, as well as communication records within the scope of telephone calls, video calls and e-mail correspondence, other audio and video data,
Marketing Data: Data obtained through shopping history information, surveys, cookie records, campaigns in line with the consent of our customers, prospective customers and other real persons who may be relevant,
Data on Commercial Life: Various demographic information that identifies the data subject, such as information on real persons in documents for legal entities such as tax certificate, trade gazette, authorization certificate, trade registry documents, qualification documents, signature circular and activity certificate, information on the taxpayer status of the person,
Finance Data: Pricing, reconciliation, customer information, uniform numbers for the products and services received by the customer from the Company, credit reference numbers, credit card numbers, account numbers, IBAN, detailed and all kinds of financial data regarding collection and payment activities,
Data About Your Education, Business and Professional Life: Occupation, title, employment information, educational background, curriculum vitae information,
Legal Information: Data such as information in correspondence with judicial authorities, information in the case file, information kept within the scope of alternative dispute resolutions, data in all kinds of administrative and judicial authorities notified to our Company,
Camera and Entrance – Exit Records: Data such as entrance and exit records and camera footage of employees and visits in order to ensure physical security in the premises of our Company.
Personal Data Collection Method
Your personal data is obtained during the services provided by Garanti Portföy Yönetim A.Ş. and personal data may be obtained during face-to-face meetings, as well as through the website, e-mail, social media channels. Your personal data may be collected verbally, in writing or electronically through channels such as T. Garanti Bankası A.Ş’s Head Office, Branches, Mobile and Internet Branch.
Personal Data Processing Purposes and Legal Reasons
Your personal data acquired by Garanti Portföy Yönetim A.Ş. are basically processed for the following purposes and legal reasons, particularly provision of safe, effective and top quality services to you:
Your personal data obtained by our company is processed primarily for used in all kinds of products and services offered to you within the scope of the relevant legislation and contract, to record the identity, address and other necessary information to identify the person who made the transaction, to record all necessary information in electronic or paper media showing the transactions carried out within the scope of the contract,to organize receipts, records and documents, to keep and store records and documents for the periods stipulated by law, to ensure transaction security, to fulfill the information storage, reporting and information obligations stipulated by the legislation, Capital Markets Board and other authorities and to offer requested or other GPY products or services, and to fulfill the requirements of the Agreement.
| Proccessing Purposes | Legal Reasons |
|---|---|
| Recording the identity, address and other necessary information in order to recognize the customer, to carry out identification and confirmation procedures, and to identify the information of our customers in the transactions they will carry out, |
|
| Providing products and services and other ancillary services within the scope of the Capital Markets Law and legislation and carrying out, executing, developing, and carrying out operational processes related to these transactions, collecting, updating and storing information by arranging forms in order to have sufficient information about our customers' risk and return preferences, investment instruments and financial situations, fulfilling the requirements of the contract(s) you have signed with our company. |
|
| For performance of our obligations arising out of the Capital Markets Law, the Law on Prevention of Laundering of Crime Revenues, and other applicable laws and regulations |
|
| For analysis and further development of company systems, and conduct of information security processes, and installation, management and application of infrastructures for information systems |
|
| For building the Company’s business processes and activities, and for planning and conduct of operational processes and purchasing operations |
|
| For management of relations established with business partners or suppliers, and for provision of support services after sales of services |
|
| For protection of reputation of our Company, and development of its business relations, and determination of its strategies, and planning and performance of its business activities and operational processes, and management of its corporate communication activities |
|
| For management of legal and execution proceedings, and follow-up and handling of other legal processes involved in by our Company other legal processes involved in by our Company |
|
| For handling and management of relations and business affairs of our Company with its controlling shareholder and controlling shareholder of the main partner and its shareholders domestic and foreign branches and subsidiaries |
|
| For protection of transaction security in the course of use of electronic channels, and for protection of our customers, Company and system as a whole against fraud, swindling and other attacks that may be incurred by our customers in all types of physical or electronic media and environments, and for keeping the logs in the case of use of internet access |
|
| For storage and safeguarding of information requested by juridical and administrative authorities like the Capital Markets Board, the Central Bank of the Republic of Turkey, Banking Regulation and Supervision Authority, the Financial Crimes Investigation Board, Borsa Istanbul, the Turkish Revenue Administration, Capital Markets Licensing Registry and Training Institution Incorporation the Turkish Capital Markets Association to which we are obliged to give information, and for reporting and information to these authorities |
|
| To offer our services, within the scope of the Capital Markets Law and all applicable legal legislation asset management, launching fund, valuation and share price calculation, calculation of fund income and expenses, distribution of fund, participation share issuance and redemption, fund buying and selling investment consultancy, investment research, including financial analysis and investment advice, and other ancillary services, through all channels including electronic channels. |
|
| Planning and implementing product, service and offer activities, including those that are within the scope of special legislation for our customers and are outside the scope of your purpose of being a customer of our Company; making product, service and working model offers for the purposes of improving, updating and renewing products and services with the developing technology, profiling and segmentation, creating internal targets, managing scoring customer relations, using them in internal performance monitoring and analysis studies, designing financial service delivery models with statistical studies, conducting market research |
|
| For the sake of legal and physical security, and as a proof for the transactions executed by using the services, and as a requirement of our legal obligations, recording of camera views and photographs in our Company’s headquarters building and additional service units, and processing of your biometric photographs on your T.R. identity cards for security and identification purposes |
|
| For carrying out inspection, control, risk analysis and other audit activities, |
|
| For planning, supervision and implementation of our corporate sustainability, corporate governance, strategic planning and information security processes |
|
Your personal data are collected and acquired in all types of verbal, written, visual and electronic media for the purposes tabulated hereinabove and for provision of the products and services within the legal framework specified herein and for full, complete and smooth performance by Garanti Portföy Yönetim A.Ş. of all of its legal and contractual obligations. Legal reasons underlying the collection of your personal data are KVKK (Personal Data Protection Law) and other applicable laws and regulations appertaining thereto. Your personal data are processed by Garanti Portföy Yönetim A.Ş. by automatic and non-automatic methods and ways in case of receipt of your explicit consent pursuant to article 5/1 of KVKK or alternatively in reliance upon certain legal motives pursuant to and under article 5/2 of KVKK.
Your sensitive personal data may be processed only in case of receipt of your explicit consent pursuant to article 6/1 of KVKK. Garanti Portföy Yönetim A.Ş. may process your sensitive personal data only with your prior explicit consent. And as per article 6/3 of KVKK, personal data relating to health and sexual life may be processed by authorized institutions and entities or by persons under secrecy obligations for the sake of protection of public health, and for preventive medicine, medical diagnosis, treatment and care services, and for planning and management of healthcare services and their financing, without an explicit consent of the data subject. Accordingly, in accordance with article 6/3 of KVKK, in cases or events stipulated in the applicable laws, personal data not related to health and sexual life may be processed without an explicit consent of the data subject. This means to say that in cases or events stipulated in the applicable laws, your personal data not related to health and sexual life may be processed by Garanti Portföy Yönetim A.Ş. without an explicit consent of you.
Furthermore, as per article 6/3 of KVKK, your personal data relating to health and sexual life may be processed for the sake of protection of public health, and for preventive medicine, medical diagnosis, treatment and care services, and for planning and management of healthcare services and their financing.
Transfer of Personal Data
Where required by the applicable laws and regulations or where permitted by you, your personal data may be shared with third party persons or entities for the purposes and motives set forth in Section IV of this Public Disclosure Text by taking all kinds of technical and administrative actions and measures required for establishment of an appropriate level of security pursuant to KVKK and other applicable laws and regulations. These persons or entities may vary depending on the probable changes in pertinent laws, but are nevertheless the following parties in general.
Your personal data are transferred to the following parties for the following purposes and legal reasons:
It can be transferred to public and private legal entities expressly authorized by law, including but not limited to the organizations listed below, in cases permitted by the Capital Markets Law No. 6362 and relevant legislation and for the purposes specified in this text. Financial institutions listed in Article 73/4 of the Banking Law No. 5411 and other third parties, public and/or private legal entities such as Banking Regulation and Supervision Agency, the Central Bank of the Republic of Turkey, the Financial Crimes Investigation Board, the Turkish Revenue Administration, Capital Markets Licensing Registry and Training Institution Incorporation, Turkish Capital Markets Association and Borsa Istanbul, the controlling shareholder and parent of our Company. It can be transferred to the controlling shareholder of the partner and its domestic and foreign branches and subsidiaries, directly or indirectly, to our domestic/foreign subsidiaries, to Company's service providers, collaborators or program partner organizations to carry out its activities subject to the specified purposes, and to domestic/international banks and other third parties.
| Transferees | Our Purposes of Transfer |
|---|---|
| Public entities and authorities and juridical authorities who are legally authorized to get information |
|
| Persons and entities, entities deemed as financial institutions and other applicable laws and regulations and other third parties permitted by the Capital Markets Law, and such public legal entities as the Banking Regulation and Supervision Authority, the Central Bank of the Republic of Turkey, the Financial Crimes Investigation Board, the Turkish Revenue Administration, the Capital Markets Board, Borsa İstanbul due to the legally required reporting processes |
|
| Our controlling shareholder, other persons within the same group of companies as our controlling shareholder, BBVA S.A, companies and their subsidiaries and affiliates that carry out intermediary activities for the purpose of providing the products and services to be given to you (For instance: T. Garanti Bankası A.Ş., Garanti Emeklilik ve Hayat A.Ş., Eureko Sigorta A.Ş., Garanti Konut Finansmanı Danışmanlık Hizmetleri A.Ş., Garanti Faktoring A.Ş., Garanti Finansal Kiralama A.Ş., Garanti Ödeme Sistemleri A.Ş., Garanti Yatırım Menkul Kıymetler A.Ş.) |
|
| Program partner organizations, domestic and foreign banks and other financial institutions from which we receive services or cooperate to carry out portfolio management and all other related products and services offered by our Company within the scope of the Capital Markets Law and relevant sub-legislation. |
|
Your Rights Relating to Protection of Personal Data
You may apply to our Company and:
a) May ask whether your personal data are processed or not,
b) If processed, may request information thereabout,
c) May ask, for which purposes, and whether your personal data are used for the intended purposes or not,
d) May learn the identity of third parties with whom your personal data are shared within Turkey or abroad in accordance with the laws,
e) If you think your personal data are processed incompletely or inaccurately, may request completion or correction of them,
f) May request deletion or destruction of your personal data within the frame of conditions stipulated in article 7 of the Law,
g) May request the transmission of your requests stated in subparagraphs (e) and (f) hereinabove to third parties to whom your personal data are transferred,v h) May raise an opposition against any consequences in your disfavour due to analysis of your personal data by automatic systems,
i) If you think that your personal data are recorded or used unlawfully, and if you have actually incurred damages due to that reason, may claim indemnification of your damages.
Your personal data are carefully protected within the reach of available technical and administrative means, and the required security actions and measures are taken at a level appropriate for the probable risks by also considering the technological opportunities.
You may transmit your requests under KVKK;
• By delivering the same in writing and by hand to our Head Offices,
• By sending via a notary public,
• By delivering the same with secure electronic or mobile signature to our Registered Electronic Mail Address of garantiportfoy@hs03.kep.tr, by using your registered electronic mail address or your electronic e-mail address registered in our If any application filed by you for the aforementioned purposes requires an additional cost, you may need to pay a fee as specified in the tariff to be designated by the Personal Data Protection Board. Your requests in your application will be responded as soon as possible and in any case within no later than 30 (thirty) days, depending on the kind of your request.
