KVKK Clarification Text

This Clarification Text regarding the processing of your personal data (“Clarification Text”) by Deniz Faktoring A.Ş. (“Deniz Factoring”) was drafted in accordance with Turkish Law No. 6698 on the Protection of Personal Data (the “Kişisel Verilerin Korunması Kanunu” or “KVKK”). The purpose of this document is to inform you about the personal data processed by Deniz Factoring in relation to its activities, products, and services. It outlines the methods used for obtaining your personal data, the legal grounds and objectives for processing this data, and the entities to whom your data may be disclosed, including the reasons for such disclosure. Additionally, this text aims to inform any natural persons whose personal data is processed about their rights under the KVKK.

Deniz Factoring acts in the capacity of Data Controller pursuant to the KVKK and takes the necessary measures when processing and storing your personal data.

You can find out more about our company in the table below.

Title

Deniz Faktoring A.Ş.

Address

Esentepe Mahallesi, Büyükdere Caddesi, No: 141, Kat:16 Şişli / İstanbul

Mersis No / Ticaret Sicil No

0291 0141 6680 0019 / 398 630-346 212

1. Personal data that is processed

The types of personal data* processed by Deniz Factoring are listed by category in the table below.

Data Category

Personal Data

Identity Information

Name, surname, mother and father’s name, date of birth, place of birth, marital status, identity card serial number, Turkish ID number, etc.

Contact Information

Address, email address, contact address, registered electronic mail address (KEP), telephone number, etc.

Location

Information about your current location, etc.

Legal History

Information in correspondence files with judicial authorities, information in case files, etc.

Customer Transactions

Call center records, promissory notes, check and invoice information, valuations, collateral, credit information and other related transaction information, compliance and relevance test results, orders, transaction request information, etc.

Risk Management

Information processed for the management of commercial, technical, and administrative risks, etc. (e.g. asset/income information, demographic information, data obtained from the Turkish Risk Center, TCMB—the Central Bank of the Republic of Turkey, GIB—the Turkish Revenue Administration, KKB—the Turkish Credit Bureau, KPS—Turkish Identity Sharing System, APS—Address Registration System, information on debt owed to the Turkish Credit Bureau, score information, information on fraud and money laundering controls)

Professional Experience

Occupation, title, employment history, educational status, etc.

Transaction Security

IP addresses, login and logout information, device types, passwords, etc.

Financial Information

Balance sheets, financial performance information, credit and risk information, asset information, etc.

Visual and Audio Recordings

Call center recordings, audio-visual recordings, etc.

Physical Space Security Information

Physical space (workplace, building) entry and exit records, camera recordings, etc.

*If you intend to submit any signature circulars or other documents related to representation and authorization during the contract processes that contain sensitive personal data, such as information related to religion and blood group, we kindly request that you remove or redact such sensitive data from the documents before submitting them to us.

2. Methods of obtaining your personal data

Deniz Factoring collects and processes your personal data across several categories. These include identity information, contact information, legal history, customer transactions, risk management, financial information, professional experience, and visual and audio recordings. This data collection is part of the process when you send a request, fill out a form, or submit information or images of documents. It enables you to benefit from our products or services, become a customer, or contact us in any way, often through automated means. You may be involved in a collateral transaction with our clients and/or Deniz Factoring, either as a guarantor, pledge debtor, or in other roles such as spouse, where consent is required by law. If you are an authorized representative acting on behalf of our client, such as a company official, proxy, guardian, or trustee, we may also collect your data. Data is collected through various channels. These can be physical (e.g. our head office, branches, mail, cargo, fax, or printed forms) or digital (including mobile apps, websites, customer contact centers, electronic mail, and telephone). We gather this information directly from you or from our legal entity or real person merchant customers.

You may also have provided us with your personal data through various methods, including messages, requests, interviews, and channels such as social media, email, mail, fax, and text messages.

If you download the “Deniz''e Çek Gönder” mobile app or use any of Deniz Factoring’s digital service channels, we will take steps to service channels, we will take steps to ensure the security of your transactions. As part of this process, we may collect certain information. This includes the IP address of your device, your website login and logout details (traffic), and the type of device you use. We gather this data where necessary based on your requests and the nature of the products and services we offer you. Additionally, we may collect information about your operating system, password details, and information on how you access and use these services. We may, with your consent, process your location information in order to personalize branch information according to your current location.

We may collect your personal data through various methods across the following categories: identity information, contact information, legal history, customer transaction history, risk management, financial information, visual and audio recordings, and physical space security information:

We collect your personal data in ways that are permitted by relevant legislation and agreements. This includes obtaining information from systems shared by various institutions and organizations. Data may also come from our controlling shareholder, Denizbank A.Ş., and from companies within the DenizBank Financial Services Group that provide support or services under service agreements. Additionally, we gather information through system integrations with public institutions for intelligence activities, such as the KPS (Turkish Identity Sharing System), APS (Address Registration System), Risk Center of the TBB (Banks Association of Turkey), and the Association of Financial Institutions, and from parties from whom our company receives services that complement or extend our company’s activities, which mediate the establishment of a contractual relationship with our company. Our data sources also include service providers and business partners, such as correspondent factoring companies, dealers, and sales offices. Publicly available sources such as news in the media, online records, or directories are also used. Furthermore, we collect data through messages, requests, visits, and interviews, either entirely or partially through automated means;

We may also collect such data through non-automated means, including data recording systems, from individuals authorized to represent you, businesses under your ownership or affiliation (such as investment companies, partnerships, or joint ventures), as well as directors, partners, agents, representatives, trustees, officers, or attorneys of such businesses. We may also obtain it from judicial authorities or public authorities as part of legal and enforcement proceedings.

(*For information regarding the group of companies with which Deniz Factoring is associated, including our main shareholder, subsidiaries, and affiliates, please visit https://www.denizbank.com/hakkimizda/denizbankin-iliskili-kuruluslari. )

3. Legal grounds behind and purposes for the processing of your personal data

We engage in various activities for different legal purposes. The table below outlines these legal reasons and the purposes of processing your data. We process your personal data in a controlled, restricted, and carefully measured manner for the following purposes.

PERSONAL DATA CATEGORIES

WHY WE PROCESS YOUR PERSONAL DATA

LEGAL GROUNDS

Identity information, contact information, customer transaction history, legal history, risk management, financial information, professional experience, visual and audio recordings, and transaction security information

To maintain thorough records of factoring transactions and the full range of products and services we offer, which may also encompass services provided as agents; to fulfill, execute, and revoke risk management transactions related to the customer/loan/service; to manage invoice transactions efficiently and accurately; to offer a comprehensive spectrum of products and services, including those that may be performed in accordance with the relevant legislation as stipulated in the factoring agreement; to fulfill our obligations and responsibilities in relation to these, establish contracts, execute our contractual and operational processes, and ensure compliance with internal systems, risk monitoring, and information obligations; to provide other services determined by the BDDK (Turkish Banking Regulation and Supervision Agency), receive requests for these services, conduct and execute the contracts and transactions concluded, and improve processes in compliance with Turkish Law No. 6361 on Financial Leasing, Factoring, Financing, and Savings Financing Companies (Law No. 6361), as well as other applicable regulations;

To establish our debt collection structuring policy, to conduct risk monitoring and analysis processes, create and implement surety or guarantee agreements when needed to secure legal relationships between our company and merchant customers (whether legal entities or individuals), and to determine the values of movable or immovable properties used as collateral for asset valuation;

In accordance with the provisions outlined in subparagraph (a) of paragraph 5/2 of the KVKK, where processing of personal data is expressly mandated by the law; in accordance with subparagraph (c), when it is essential to process personal data of contractual parties directly associated with the initiation or execution of a contract; and in accordance with subparagraph (ç), when the data controller is obliged by the law to fulfill its legal obligations;

Identity information, contact information, customer transaction history, financial information, visual and audio recordings

To get in touch with you regarding our products or services, or for matters related to regulatory compliance and service provision purposes;

Identity information, contact information, customer transaction history, legal history, risk management, financial information, professional experience, transaction and physical space security information

To examine the credit history of various parties involved, including natural person customers, owners, managers, shareholders, partners, representatives, or real beneficiaries of legal entity customers, as well as guarantors, assignment debtors, or those related to the factoring transaction, such as the drawer or endorser of a submitted check, as well as determining creditworthiness and collateral viability; to conduct intelligence and information research, manage risks, prevent fraudulent activities, and execute credit sales, allocation, disbursement, monitoring, and follow-up processes within the context of evaluating requests for factoring transactions;

To monitor and record all visits in order to maintain the physical security of Deniz Factoring’s facilities, including head office, branches, and other premises, to share them with relevant authorities when required, and manage emergency situations effectively;

In accordance with the legal requirements stipulated under Article 5/2 subparagraph (ç) of the KVKK which mandates that “it is necessary for the data controller to fulfill its legal obligations,” and subparagraph (f) which asserts that “data processing is obligatory for the legitimate interests of the data controller, as long as it does not infringe upon the fundamental rights and freedoms of the data subject”;

Identity information, contact information, customer transaction history, legal history, risk management, financial information, professional experience, and transaction security information

In compliance with the relevant legislation, particularly Turkish Law No. 6361 and Turkish Banking Law No. 5411, to fulfill our legal obligations and cooperate with regulatory bodies and law enforcement agencies; to verify and update customer identity and contact information, keep data up-to-date, conduct risk analysis and management, and maintain information security processes; to conduct internal auditing, investigations, intelligence, and ethics audits; to conduct finance and accounting processes;

To adhere to the information storage, archiving, reporting, and disclosure obligations mandated by various authoritative bodies including the BDDK (Turkish Banking Regulation and Supervision Agency), SPK (Turkish Capital Markets Board), TCMB (Central Bank of the Republic of Turkey), the Turkish Ministry of Treasury and Finance, MASAK (Turkish Financial Crimes Investigation Board), TBB (Banks Association of Turkey), GIB (Turkish Revenue Administration), SGK (the Turkish Social Security Institution), KKB (Turkish Credit Bureau), KVK Kurumu (Turkish Personal Data Protection Authority), BTK (Turkish Information and Communication Technologies Authority), MMK (Turkish Central Registry Agency), KGF (Turkish Credit Guarantee Fund), and FKB (Turkish Association of Financial Institutions); to fulfill the information retention, archiving, reporting, and disclosure obligations specified by these entities and respond to information and document requests from these authorities in compliance with legislation aimed at preventing the laundering of the proceeds of crime and terrorism financing;

To obtain approval for commercial electronic messages pursuant to Turkish Law No. 6563 on the Regulation of Electronic Commerce and its subsequent regulations and utilize the system instrumental in enabling the management of the right of refusal and complaint processes (“İYS System”); to fulfill our obligations related to identity verification and access management in line with the Communiqué on the Management and Audit of Information Systems of Financial Leasing, Factoring, and Financing Companies;

Data processing activities are carried out on firm legal grounds, as expressly stipulated in Article 5/2, subparagraph (a) of the KVKK which mandates that “these actions are justified as they are explicitly mandated by law” and pursuant to subparagraph (ç) of the same article which adds “if it is compulsory for the data controller to fulfill its legal obligations”;

Identity information, contact information, customer transaction history, transaction security information, financial information, and risk management

To ensure the effective implementation of DenizBank Financial Services Group’s compliance program across the financial group in strict accordance with Article 5 of the Turkish Regulation on the Compliance Program for Obligations Regarding the Prevention of the Laundering of the Proceeds of Crime and the Financing of Terrorism; to ensure customers can be recognized, enable the intra-group sharing of account and transaction information, and ensure that information on customers is accurate and up to date;

Identity information, contact information, customer transaction history, legal history, financial information, visual and audio recordings

To manage all requests and complaints, including those relating to customer relations, experience, satisfaction, complaints, objections, requests, and suggestions; to follow up on and implement all legal, enforcement, and legal follow-up and litigation processes before judicial and/or administrative authorities;

To prepare the consolidated financial statements of the parent companies within the framework of the Turkish Banking Law, to plan or execute relationships with parent companies, and to manage and assess risks; to provide risk, audit, and operational services together with subsidiaries within the framework of the Turkish Banking Law and relevant legislation; to provide risk, audit, and operational services in order to comply with the Capital Markets Board legislation;

Based on the legal grounds of “being necessary for the data controller to fulfill its legal obligations” under Article 5/2(ç) of the KVKK and “being necessary for the establishment, exercise, or protection of a right” under Article 5/2(e);

Identity information, financial information, contact information, customer transaction history, and transaction security information

To manage, plan, and execute relationships and processes with our service providers, partners, or suppliers, and to fulfill our legal and commercial obligations under contracts with third parties with whom we have business relationships;

Pursuant to subparagraphs (c) and (ç) of Article 5/2 of the KVKK;

Identity information, contact information, customer transaction history, and financial information

To carry out advertising, marketing, and promotional activities for our products and services, including surveys and statistical studies; to execute campaign processes and to communicate with you for these purposes, to offer you proposals, and to provide marketing-related commercial electronic message sending services

with your explicit consent under Article 5/1 of the KVKK.

4. To whom and for what purpose your personal data may be transferred

Your personal data may be shared with the following parties on a limited and proportionate basis, in order to fulfill our obligations under Turkish Law No. 6361, the Banking Law, and other relevant legislation to which we are subject, and to achieve the purposes listed below:

• Institutions such as BDDK (Turkish Banking Regulation and Supervision Agency), SPK (Turkish Capital Markets Board), TCMB (Central Bank of the Republic of Turkey), the Turkish Ministry of Treasury and Finance, MASAK (Turkish Financial Crimes Investigation Board), SGK (Turkish Social Security Institution), KKB (Turkish Credit Bureau) (and/or the TBB’s Risk Center for the purposes of risk management or risk monitoring activities, or at least five banks or organizations established by financial institutions), KVK Kurumu (Turkish Personal Data Protection Authority), BTK (Turkish Information and Communication Technologies Authority), MMK (Turkish Central Registry Agency), KGF (Turkish Credit Guarantee Fund), and FKB (Turkish Association of Financial Institutions), as well as public institutions/organizations, ministries, and judicial authorities who are legally authorized to receive information under the provisions of the legislation, in order to make legal notifications and reports related to the provisions of Turkish Law No. 6361, the Banking Law, Turkish Law No. 5549 on the Prevention of Money Laundering, and Turkish Law No. 6362 on the Capital Markets, and to fulfill all our legal obligations, including the implementation of regulatory and supervisory activities,

• Third parties that we use to provide our services, such as service providers, individuals, institutions, and organizations with whom we collaborate; service providers such as dealers, sales offices, etc. offering services in matters such as consultancy, valuation, infrastructure or acting as intermediaries in establishing a contractual relationship with Deniz Factoring; partner organizations with whom we collaborate, subcontractors, and companies/organizations operating as brokers/agencies, mobile service providers authorized by the Information and Communication Technologies Authority (BTK); financial institutions, including banks, factoring companies, and insurance companies, located in Turkey and/or abroad to carry out factoring activities, provide products and services related to your request, fulfill our legal obligations such as providing, storing, and reporting information, and execute payment/collection and insurance processes,

• Authorities operating system integrations (KPS—Turkish Identity Sharing System, APS—Address Registration System, etc.) shared through public institutions and organizations, to enable us to process your requests correctly and make inquiries within systems for your security within the framework of customer identification obligations,

• Affiliated companies and subsidiaries within the Denizbank Financial Services Group, our shareholders, our direct/indirect domestic/foreign subsidiaries, companies for whom we act as agents, and persons, institutions, and/or organizations that are authorized to receive information under the provisions of the relevant law and other legislation in accordance with the provisions of Arti·cle 73 of the Turkish Banking Law, the activity expansion permits of the BDDK (Turkish Banking Regulation and Supervision Agency), and Turkish legislation on the Prevention of Money Laundering and the Financing of Terrorism,

• Courts, law firms, asset management companies, and independent audit companies for the purpose of auditing the compliance of activities with legislation for the purposes of following up and carrying out legal follow-up and litigation processes before all judicial and/or administrative authorities,

• Your personal data may be shared with other third parties, with your explicit consent, for the purposes specified in Articles 8 and 9 of the KVKK.

5. Your rights

According to Article 11 of the KVKK, you have the following rights regarding your personal data:

a) To find out whether your personal data has been processed,
b) To request information if your personal data has been processed,
c) To find out why your personal data has been processed and whether it has been used for the intended purpose,
d) To know the names of the third parties to whom your personal data has been transferred domestically or abroad,
e) To request correction of personal data if it is incomplete or improperly processed and to request that third parties be informed of the actions taken,
f) To request the deletion or destruction of personal data in the event that the reasons for the processing of such data no longer exist, despite the fact that it has been processed in accordance with the provisions of Turkish Law No. 6698 and other relevant laws, and to request that third parties be informed of the actions taken,
g) To object to a decision made against you as the result of your data being analyzed exclusively through automated means,
h) To request compensation in the event you face damages due to the illegal processing of your personal data.

Under the scope of the rights provided in Article 11 of Turkish Personal Data Protection Law No. 6698, you may submit any requests for information in compliance with the “Turkish Communiqué on Procedures and Principles for Requesting Information from the Data Controller.” These requests should be made in writing, with an original signature, accompanied by documents verifying your identity, and can be sent to the following address: Büyükdere Cad. No: 141, 34394 Esentepe, Istanbul, Turkey. Alternatively, you have the option to send your requests via a notary or using a registered electronic mail (KEP) address by emailing denizfaktoring@hs09.kep.tr.

Click to view the Personal Data Protection, Retention, and Disposal Policy.

Click to view the Explicit Consent Statement.

KVKK Retention and Destruction Policy

1- Purpose of the Data Protection Policy

In accordance with its legal and social obligations, Deniz Factoring (“Faktor”) is committed to complying with Turkish personal data protection regulations. This Personal Data Protection Policy (“Policy”) applies to all of DenizBank, the parent company of Faktor, and the subsidiaries under its control, in accordance with the applicable legislation, and is based on the fundamental principles of personal data protection that are recognized nationally in Turkey. This Policy is essential in order for Faktor to protect personal data, build reliable business relationships, and maintain its reputation in the public eye. It also sets out the necessary framework conditions for the transfer of personal data between Faktor and third parties listed in Annex 1, both domestically and internationally.

2- Scope and amendment of the Data Protection Policy

2.1 This Policy applies to all of Faktor, including its parent company DenizBank and the subsidiaries under its control, and is implemented for the purpose of processing personal data.

2.2 This Policy also applies to the customers of Faktor, its parent company DenizBank, and the subsidiaries under its control , as well as to other natural persons who do not have a specific framework agreement with Faktor and its parent company DenizBank, and subsidiaries under its control. The term “Faktor” in this Policy shall be deemed to include its parent company DenizBank and the subsidiaries under its control.

2.3 Data that has been rendered anonymous and is no longer capable of being associated with a specific individual, such as data obtained for statistical evaluations or studies, and data related to legal entities, is not considered personal data and is not subject to this Policy.

2.4 This Policy may be updated from time to time. We therefore kindly request that you visit www.denizfactoring.com regularly to access the latest version of the Policy.

3- Implementation of national laws

This Policy encompasses both Turkish national laws and internationally accepted principles of personal data privacy. National data privacy laws are taken as its basis, and in the event of a conflict between this Policy and internationally accepted personal data privacy laws, the relevant national law shall prevail.

4- Principles regarding the processing of personal data

4.1 Compliance with the law and rules of honesty: Personal data should be processed in a way that protects the individual rights of data subjects. Personal data must be collected and processed lawfully and fairly.

4.2 Processing of data only for specified, explicit, and legitimate purposes and in a manner that is limited to and necessary for those purposes -Personal data may only be processed for the specific purpose for which it was collected.

4.3 Transparency: The data subject must be informed about how their data is used. When personal data is collected, the data subject must be aware of or informed of the following:

a The identity of the data controller, and if applicable, the representative;
b The purpose for processing their personal data;
c To whom and for what purpose their personal data may be transferred;
d The method and legal basis for collecting their personal data;
e Their rights (Article XV).

4.4 Retention of personal data for the period specified in the relevant legislation or for the period necessary for the purpose for which it was processed. Faktor and its subsidiaries will process and retain personal data for as long as it is necessary for the purposes for which it is being processed. This includes compliance with relevant laws and regulations, and meeting the requirements set by regulatory authorities. Processing and retention will adhere to the guidelines outlined in this Policy (including the transfer or receipt of data from or to third parties listed in Annex 1 of this Policy).

4.5 Accuracy and up-to-dateness of the data: Processed personal data must be accurate, complete, and kept up to date. Appropriate steps should be taken to delete, correct, complete, or update inaccurate or incomplete data.

4.6 Privacy and data security: Personal data is subject to data privacy. Personal data should be considered confidential at a personal level and appropriate technical and administrative measures should be taken to ensure the appropriate level of security in order to prevent unauthorized access, unlawful processing or disclosure, as well as accidental loss, alteration or destruction, and to ensure the preservation of personal data.

5- Scope of data processing

5.1 Faktor shall have the right to process a data subject’s information, including personal data, in accordance with the purposes set out in Article VII of this Policy, during the period during which Faktor’s services are being used and after the termination of the contractual relationship.

5.2 The processing of personal data by Faktor includes any and all actions performed on data, regardless of whether they are performed automatically, semi-automatically, or manually, without any restriction. The processing of personal data means the following: collecting, recording, photographing, audio recording, videotaping, organizing, storing, modifying, restoring, retrieving, or disclosing data from data subjects or third parties listed in Annex 1 of this Policy for the purposes of transferring, disseminating, or making available in other ways, grouping or combining, blocking, deleting, or destroying; obtaining, recording, storing, maintaining, modifying, rearranging, disclosing, transferring, transferring abroad, acquiring, making available, classifying, or preventing the use of data, whether fully or partially, automatically or manually, as part of any data recording system (includes the transfer and/or disclosure of information to third parties listed in Annex 1 of this Policy who subsequently process the data in accordance with the purposes set out in this Policy).

5.3 Faktor and/or third parties listed in Annex 1 of this Policy process the data of data subjects, or third parties designated by data subjects. Data processing also includes the processing of data by third parties at the instruction of Faktor and/or when Faktor serves as a data processor, acting on behalf of and in accordance with the directives of a third party (the data controller). However, this is not an exhaustive representation of the data processing activities undertaken.

In accordance with the purposes set out in this Policy, the processing and/or transfer or disclosure to third parties listed in Annex 1 of this Policy of information relating to a natural person who is identifiable or can be identified includes but is not limited to the following personal data:

a) Name and surname of the data subject;
b) Personal identification number and/or unique feature on the data subject’s electronic identity card;
c) Official address and/or residential address;
d) Telephone/mobile phone number;
e) Email address;
f) Credit history (including both positive and negative, current debts and/or closed debts, credits and payment details) and payment capacity status (the data subject’s payment capacity score, criteria, and/or methodology);
g) Personal property and real estate owned by the data subject and their characteristics;
h) Data regarding the data subject’s employer and employment conditions (workplace, salary, working hours, etc.);
i) Data regarding the data subject’s bank account(s) held at banks operating in Turkey, including but not limited to, the balances of the relevant accounts over a certain period of time and date, and data on transactions made from these accounts over a certain period of time;
j) Cards and related card accounts issued by banks operating in Turkey, as well as data related to the balance of the relevant card for a certain period and date, data related to transactions made from these card accounts for a certain period, and access codes for the relevant cards;
k) Data regarding the data subject’s accounts/subscriptions recorded by various payment providers. This information includes, but is not limited to, the account/subscriber number, address, balances of subscription accounts at a specific time and date and/or accrued debt, transactions made from the subscription account and/or loading account, and/or debt payment, etc.;
l) Activities of the data subject and/or third parties specified by the data subject when using various electronic channels and/or the internet (including but not limited to web cookies, etc.) and when using the aforementioned channels (including but not limited to verification of these channels, actions taken, or transaction history);
m) Information on family members, relatives, and other people residing at the data subject’s residential address;
n) Other information on the customer that allows the data subject to be identified and/or characterized and/or grouped according to their physical, physiological, psychological, economic, cultural, or social characteristics, or by activities related to the transactions mentioned or listed above.

The personal data mentioned above shall not be included in the scope of personal data if it is anonymized.

5.4 If, in order to benefit from factoring services, the data subject provides Faktor with information about third parties (including but not limited to personal data, creditworthiness, asset status, etc.) (such as an additional card holder, guarantor, family members, employer, etc.), and Faktor processes this data, including personal data, for the purposes of factoring services and/or marketing, the data subject shall be personally responsible for obtaining consent from the relevant third parties in order for the relevant personal data to be processed by Faktor. If the data subject provides the information in question to Faktor (or its authorized personnel), it is assumed that the data subject has obtained the necessary consent and Faktor is no longer obliged to obtain this consent itself. If the data subject fails to comply with the obligation to obtain the consent of third parties or does not fully fulfill this obligation, the data subject shall be personally liable for any damage that Faktor may suffer. The data subject hereby agrees to indemnify and protect Faktor against any and all damages/losses (including but not limited to consequential damages), complaints, expenses (including but not limited to expenses incurred by Faktor due to the exercise of its legal rights), legal proceedings, and other obligations as a result of the data subject committing such a violation.

5.5 The processing of the data subject’s information by Faktor while using various electronic channels (including but not limited to web browsers, Faktor’s website, internet branch and mobile apps, the call center, and/or other technical methods and channels used for data transfer and reception) also includes the recording and processing of the data subject’s activities (for example, determining the location of the data subject while using the electronic channel, defining and analyzing input data, and/or other statistical data)

6- Fundamentals of data processing

6.1 The data subject hereby acknowledges that it is necessary for Faktor to process information about the data subject or third parties specified by the data subject for the following purposes during the use of Faktor’s services and even if the contractual relationship ends:

a) The provision of and/or implementation of a service to a data subject;
b) The protection of the legal interests of Faktor and/or third parties and/or the exercising or protection of the legitimate interests of the data controller;
c) The fulfillment of Faktor’s obligations under the legislation;
d) The processing of personal data belonging to the data subject, provided that it is directly related to the establishment or performance of a contract between the data subject and Faktor,
e) The processing of data when it is strictly necessary for the establishment, exercise, or protection of a right,
f) Other matters to which the data subject has given their consent,
g) Other matters expressly stipulated in the legislation.

6.2 Provision of consent by the data subject shall be taken to mean that they have accepted the Policy and its provisions.

7- Purposes of processing data

7.1 Faktor and/or the third parties specified in Annex 1 of this Policy may process the personal data of the data subject or third parties specified by the data subject for various purposes, including but not limited to the following:

a) Performing factoring services duly and properly;
b) Performing matters stipulated by the legislation for information retention, reporting, information, and provision of information to audit firms, the relevant representative or the representative party and regulatory and supervisory authorities, such as the BDDK (Turkish Banking Regulation and Supervision Agency), TCMB (Central Bank of the Republic of Turkey), MASAK (Turkish Financial Crimes Investigation Board), TBB (the Banks Association of Turkey), GIB (Turkish Revenue Administration), and Undersecretariat of Treasury;
c) Gathering intelligence, information research, surveys, and creditworthiness assessments, planning, statistics, archiving, storage services, and customer satisfaction studies;
d) Optimizing and improving Faktor’s services during its analysis of the data subject’s data regarding credit history, statistical data, etc.;
e) Preparing and delivering various reports, studies, and presentations;
f) Offering new or additional financing or non-financing products, or modifying existing conditions, which may require evaluating the financing and transaction history, as well as behavioral patterns of the data subject;
g) Ensuring security, as well as detecting and preventing fraud, money laundering, or other criminal activities;
h) Addressing complaints, questions, and requests from the data subject;
i) Verifying the identity of the data subject;
j) Providing property and security• k)Fulfilling, executing, and developing products and related transactions in compliance with all factoring transactions and activities as per the legislation;
l) Conducting promotional, marketing, and campaign activities for the aforementioned services and products;
m) Fulfilling contracts concluded with the customer;
n) Providing better and more reliable services to the customer, developing more suitable services and products, and sustaining them seamlessly;
p) Achieving other objectives prescribed in the relevant legislation.

8- Processing the data of applicants or employees

8.1 Processing of personal data for the purpose of concluding, performing, maintaining, and terminating service contracts: Faktor has the right to process personal information disclosed by an individual due to the commencement of their employment and/or internship for purposes including but not limited to fulfilling and maintaining the employment-related benefits arising from the employment contract, providing health insurance, personal accident insurance, international health insurance, life insurance, various insurance services, occupational health and safety services, and work permit procedures, evaluating individual job applications, conducting intelligence, research, other recruitment processes, performance assessment and tracking, and training activities, allocating healthcare resources, and executing educational processes, in accordance with the law.

8.2 If it is necessary during the request process to collect information about the applicant from third parties, compliance with the provisions of Turkish Law No. 6698 on the Protection of Personal Data must be ensured.

8.3 Processing of personal data that is related to the employment relationship but not initially part of the performance of the employment contract requires legal authorization. These include:

a) legal obligations,
b) the consent of the applicant (by electronic and non-electronic means) or,
c) the legitimate interest of Faktor or a third party and,
d) the purposes set out in paragraphs VI and VII of this Policy.

9- Processing of sensitive personal data

Sensitive data includes information about a person’s race and ethnic origin, political opinions, religious or philosophical beliefs, including sect, membership within a trust/foundation or union, health, sex life, criminal convictions, and security measures taken in relation to them, as well as their biometric and genetic data. Sensitive data may only be processed with the explicit consent of the applicant (data subject).

10- Obligations of the data controller and processor

10.1 Pursuant to the provisions of this Policy, Faktor may act as a data processor while processing some types of personal data, and may act on behalf of the data controller, including the third parties specified in Annex 1 of this Policy, or the relevant third parties may act as data processors for some types of personal data for which they are the data controller. Accordingly, each party involved in such a relationship (including the data processor, as well as the data controller and its subcontractor) must fully comply with the existing data protection legislation and strictly adhere to the provisions listed below:

a) Personal data must be processed in accordance with the principles set out in the legislation. The consent of the data subject must be obtained, and necessary information must be provided.

b) The processing of data transmitted from one party to another should be carried out without any limitations in order to achieve the purposes specified in sections VI and/or VII of this Policy.

c) Depending on the specificity of the process, if one party represents the data processor and the other represents the data controller during data processing, the data processor is obliged to do the following:

i. Process data that one party has transmitted/disclosed to the other party in accordance with the provisions of this Policy and within the scope permitted by the legislation or upon request from a regulatory authority;

ii. Implement reasonable technical and organizational measures and take every manner of action to prevent unauthorized processing, loss, destruction, damage, alteration, or disclosure of the data transmitted/disclosed by the data controller, and inform the data controller of every measure taken in this regard;

iii. Allow authorized Faktor personnel to inspect its data security measures and practices;

iv. Notify the data controller as soon as possible and no later than thirty days in the event of the following occurrences:

When a data subject requests information regarding their own personal data;

Submission of a complaint or statement regarding the compliance of the data controller with the obligations imposed by the legislation;

v.Cooperate with Faktor and support Faktor in examining a complaint or statement submitted/disclosed by Faktor, including providing the following:

Detailed information about the complaint and statement, including data about the data subject, within five working days from the date of the request, as transmitted/disclosed by Faktor to the data processor;

Access to the data held by the data processor (including electronic data) during the aforementioned period;

Relevant information within the aforementioned period;

vi. Prevent data processing (transfer) activity to a country and/or international organization that is outside the European Union Economic Area and not included in the list of countries with an adequate level of personal data protection in cases where the data owner or the Turkish Personal Data Protection Board does not grant permission for the transfer.

vii. Not transfer/disclose data to third parties without the prior written consent of Faktor. Even in cases where Faktor has provided prior written consent, the data processor is still obliged to transfer or disclose the data in accordance with a written agreement. Under this written agreement, third parties and their subcontractors are obliged to take all necessary technical and organizational measures to prevent unauthorized processing, loss, destruction, damage, alteration, or disclosure of the data.

viii. Indemnification of any kind of damage/loss that Faktor may incur due to the data processor’s failure (in accordance with the Policy and legislation) to take the necessary actions or to fulfill them fully. The data processor hereby consents and agrees to indemnify and protect Faktor against any and all damages/losses (including consequential damages), complaints, expenses (including those incurred as a result of Faktor exercising its legal rights), legal proceedings, and other obligations that Faktor may incur as a result of the data processor’s breach.

ix. Unless otherwise specified in the contract between Faktor and the data processor, the data processor is obliged to do the following upon termination of the contractual relationship between itself and Faktor:

Return any data (including personal data) transferred/disclosed by Faktor before the termination of the agreement. The relevant data must be returned in the form (format) in which it was received from Faktor and the processing of the data must cease immediately, and/or;
Take all necessary security measures to prevent unauthorized access to data by third parties, destroy personal data transferred/disclosed by Faktor, and notify Faktor to confirm that this action has been taken;

11- Transferring/sharing information to/with third party(ies)

For Faktor to provide adequate service to the data owner and to carry out data processing in compliance with the objectives outlined in sections VI and VII, it is essential to transfer or share data concerning the data owner and/or the third parties specified by the data owner to/with the third party(s) as specified in Annex 1 of this Policy. In accordance with these purposes; the data subject grants Faktor the rights to obtain, record, store, preserve, alter, reorganize, disclose, transfer, transfer abroad, acquire, make accessible, classify, or prevent the use of their personal data, whether through its Head Office units, branches, internet branch, mobile apps, call centers, public institutions and organizations, or through parties that provide services complementing or extending Faktor’s activities, and either by fully or partially automated means or, provided that it forms part of a recording system, by non-automated means.

12- Remote marketing

12.1 The data subject hereby grants Faktor the right to send commercial electronic messages under Turkish Law No. 6563 on the Regulation of Electronic Commerce, including sending SMS, voice, and/or other types of marketing messages (direct marketing), to the data subject’s phone number, email address, and other contact information in Faktor’s records, until the data subject exercises their right to refuse such communication. Faktor may continue to exercise this right as long as no objection is received from the data subject, either in written and/or electronic format, as determined by the agreement between the parties or as specified by the legislation.

12.2 The data subject hereby grants Faktor the right to share their personal data or confidential information with Faktor’s subsidiaries and main shareholders for the purpose of making various marketing offers. The data subject has the right to request that Faktor’s subsidiaries or main shareholders cease direct marketing activities.

12.3 For this specific paragraph, it should be noted that advertising or informational messages found at Faktor’s service locations (such as advertising brochures, promotional images, spoken offers, etc.) or content shown during the use of electronic channels, such as Faktor’s (or its subsidiary’s) internet branch and mobile app, are not classified as direct marketing. The data subject does not therefore have the right to request the cessation of these types of content being sent or displayed.

13- Video and audio recording

13.1 For the purpose of ensuring the security and protection of property and confidentiality, as well as for monitoring service quality, video and audio recordings are made around and at the entrances of buildings and workplaces, in accordance with the provisions of Turkish Personal Data Protection Law No. 6698. Additionally, phone calls to Faktor are recorded.

13.2 The data subject shall be informed that video recordings and surveillance is being conducted using appropriate means at Faktor’s relevant service points and during communication with Faktor. The data subject acknowledges the importance of video and audio recording and hereby consents to Faktor processing their data for this purpose.

14- Video and audio recording

14.1 The data subject acknowledges that any data (printed, visual, and/or auditory) about them published on Faktor’s website, at its internet branches, or on its mobile apps and other electronic media shall be considered to be the property of Faktor and that Faktor will hold the copyright over such data from the moment of publication of said data, provided that it is not classified as the personal data of the data subject.

15- Data updating, processing, and retention period

15.1 For the duration of Faktor’s services and beyond, Faktor will continue to process the information specified in this paragraph for a period of time consistent with Faktor’s purposes and interests, the requests of supervisory/regulatory authorities, and/or the legislation, for the purposes specified in this policy.

15.2 Data processing of the data transferred from the data subject to Faktor during the use of electronic channels (web browser, Faktor’s website, internet branches mobile apps, and/or other electronic data transfer tools) may continue even after the data subject deletes the data from the relevant electronic channels. Such data will continue to be retained for a period of time consistent with Faktor’s purposes and interests, the requests of supervisory/regulatory authorities, and/or the legislation.

15.3 Upon the request of the data subject, Faktor shall provide the customer with information about the customer’s personal data held by Faktor, within a scope that is in accordance with the legislation. Faktor has the right to charge a service fee for providing such information to the customer, except in cases where the law specifies that no fee can be charged for providing information to the customer.

15.4 If the data subject believes that the data held by Faktor about them is incomplete or inaccurate, they must notify Faktor immediately in writing.

15.5 Personal data shall be retained for the period specified in the relevant legislation or for the period necessary for the purpose for which it is processed. If the reasons for processing the personal data have ceased to exist, the personal data shall be deleted, destroyed, or anonymized by the data controller on its own initiative or upon the request of the data subject, despite having been processed in accordance with the provisions of the legislation.

16- Rights of the data subject

Every data subject has the following rights.

a) To find out whether their personal data has been processed,
b) To request information if their personal data has been processed,
c) To find out why their personal data has been processed and whether it has been used for the intended purpose,
ç) To know the names of the third parties to whom their personal data has been transferred domestically or abroad,
d) To demand the correction of any incomplete or incorrect personal data,
e) To request the deletion or destruction of personal data,
f) To demand that a notification is sent to the third parties to whom the data has been transferred regarding the procedures applied as per paragraphs (d) and (e),
g) To object to any adverse results brought about due to the analysis of the data solely by automated systems,
ğ) To request compensation in the event that they face damages due to the illegal processing of their personal data.

17- Privacy of data processing

17.1 Personal data is subject to data security. Employees of Faktor’s parent company and/or subsidiaries are prohibited from accessing, processing, or using this data in an unauthorized manner. Processing of this data by any employee of Faktor’s parent company and/or subsidiaries who has not been duly authorized to do so within the framework of their legitimate duty constitutes unauthorized processing. Employees of Faktor’s parent company and/or subsidiaries may only access personal information in a proper manner within the scope and nature of their respective duties. For that reason, it is essential to detail, differentiate, and implement roles and responsibilities.

17.2 Employees of Faktor, its subsidiaries, and/or affiliates are prohibited from using personal data for private or commercial purposes, sharing it with unauthorized persons, or making it accessible in any other way. Managers should inform their employees about their obligation to protect data confidentiality at the beginning of the employment relationship. This obligation shall continue even after the employment relationship is terminated.

18- Data processing security

18.1 Personal data should be protected against unauthorized access, unlawful data processing or disclosure, and accidental loss, alteration or destruction. This provision shall apply regardless of whether the data is processed in electronic or paper form. Until the advent of advanced data processing methodologies and cutting-edge information technology systems, it is imperative to deploy both technical and organizational safeguards to ensure the protection of personal data. These measures should be designed by taking into account the latest available technology, data processing risks, and the need to protect data.

19- Data protection control

Faktor consistently ensures adherence to this Data Protection Policy and the applicable data protection legislation through regular monitoring conducted by qualified personnel within the relevant departments. The responsible data protection authority may, in accordance with national laws, personally inspect the compliance of Faktor, its parent company, and affiliates with the provisions of this Policy.

20- Communication

The data subject must formally submit any inquiries concerning the implementation of this Policy and the Turkish Personal Data Protection Law in written form to the data controller. The data controller shall resolve the request for information free of charge within the shortest possible time and within 30 days at the latest, depending on the nature of the request. However, if the operation requires an additional cost, the fees set by the Turkish Personal Data Protection Board shall be charged.

Contact number: 0212 348 92 00

Cookie Policy

What are cookies

Like numerous other websites, Denizfaktoring.com utilizes cookies. These cookies are small text files sent to your browser by the website when you visit using a computer or mobile device. They assist in retaining information about your visit, such as your preferred language and other preferences resulting in an enhanced and personalized customer experience during your subsequent visits.

Types of cookies

A. Temporary cookies:
Temporary cookies are stored only for the duration of your browsing session and are automatically deleted once you close your browser.

B. Permanent cookies:
Permanent cookies remain on your computer or mobile device even after you close the browser or app. They are designed to recognize you upon your return to the website. Permanent cookies stay installed on your computer or mobile device until they expire, after which a new cookie is installed to maintain continuity.

C. Targeting/advertising cookies:
Advertising cookies are cookies that are installed by a third party while visiting an app/website. Advertising cookies are used to send certain information about your visit to our site to a third party.

D. Mandatory cookies:
These are essential and important cookies allowing you to create a user account, log in, and browse our website. Permanent cookies remain on your computer or mobile device after you close the browser or app, and are used to recognize you when you return to our website.

E. Performance and analytics cookies:
Performance and analytics cookies are used to collect information about how you use websites and apps (pages viewed, average visit time, etc.) in order to improve the overall performance of websites and apps for visitors.

F. Functionality cookies:
These are used to make your visit to the website easier and to improve your browsing experience. They remember certain settings, such as your preferred language, layout, or color scheme.

G. Tracking cookies:
Tracking cookies are used to track visitors’ internet browsing behavior and to collect data and information on their browsing behavior from the various websites they visit.

Deniz Factoring’s cookie usage

Deniz Factoring uses the information collected through cookies in accordance with its Privacy Policy.

By continuing to visit our site, you consent to the placement of cookies on your device. You have the option to decline cookies by adjusting the settings or options in your browser. However, to ensure the optimal experience during your visit to our website, we advise against refusing cookies.

Deniz Factoring reserves the right to modify its Cookie Policy as required.

Deniz Factoring uses three types of cookies:

1. Mandatory cookies:
These are essential and important cookies allowing you to create a user account, log in, and browse our website. Should you choose to disable these cookies, you may experience limited functionality on various sections of Denizfaktoring.com. Permanent cookies remain on your computer or mobile device after you close the browser or app, and are used to recognize you when you return to our website

2. Performance and analytics cookies:
These are designed to enhance your experience on websites and apps, ensuring a more efficient, faster, and secure usage. This kind of cookie enables the enhancement and personalization of the customer experience. The data collected encompasses information such as pages visited, redirect paths, the accessor’s platform type, date and time details, search terms, and any text entered during the visit.

3. Targeting/advertising cookies:
Targeting or advertising cookies are set by the advertising networks of Deniz Factoring with its knowledge and consent. Why these cookies are used;

- To display relevant and personalized advertisements
- To limit the number of advertisements displayed
- To measure the effectiveness of an advertising campaign
- To remember your visit preferences

How can cookies be disabled

If you refuse permanent cookies or session cookies, you can continue to use the website, but you may not be able to enjoy all of the website’s functions or your access may be limited.

To disable cookies:

- In Chrome, navigate through Settings > Privacy > Content Settings and choose the “Block cookies” option in your browser settings.

- ForInternet Explorer users: Navigate through Options > Internet Settings > Privacy > Settings.

- For Firefox users: Navigate through Tools > Options > Privacy > Cookie Acceptance Method and choose the “Until Firefox is closed” option. More information about turning off cookies can be found on the following sites:

- Cookies in Chrome
- Cookies in Internet Explorer
- Cookies in Mozilla Firefox

Privacy Policy

Deniz Faktoring A.Ş. obtains the information that is mandatory as per the relevant legislation and strictly adheres to collecting only the necessary information to provide customers with the best service and products. Confidentiality, security, and the use of collected customer information in accordance with your wishes are at the core of our approach at Deniz Factoring.

Customer information is kept confidential under the security measures established by Deniz Factoring. Access to this information by Deniz Factoring employees and officers is strictly governed by DFHG (DenizBank Financial Services Group) Security Policies. Such information is not shared with any individual or institution, except as mandated by law.

When outsourcing services, agreements with service providers must contain a clause on confidentiality of customer information. Additionally, these service providers and their employees are obliged to adhere to the confidentiality and secrecy regulations set forth in the DFHG Security Policies.

Customer information may only be shared with other institutions in line with customer requests. If you prefer not to receive information from Deniz Faktoring A.Ş., simply inform Deniz Factoring of your wishes on 0212 3489200.

The customer must accurately identify themselves in our systems to access information from Deniz Faktoring A.Ş. on the internet. The responsibility here lies entirely with the customer.

Deniz Factoring values your trust and is committed to maintaining the confidentiality of customer data in accordance with the applicable legislation.

DenizBank Financial Services Group’s Security Group

Deniz Factoring A.Ş. Protection of Personal Data ve Cookie Policy about.