This disclosure text has been prepared by Tera Investment Bank ("Bank") as the data controller within the scope of the obligation to inform the relevant persons whose personal data are processed in accordance with Article 10 of the Personal Data Protection Law No. 6698 ("Law") and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation.

Your personal data may be collected by our Bank within the framework described below; in order to provide the Bank's products and services in the country in an uninterrupted and secure manner, may be processed in the ways listed in the Law and may be transferred to third parties.

Your personal data are processed and securely stored within the framework of the general principles stipulated in the Law and for the purposes and legal reasons set out below and are protected by taking necessary and adequate security measures.

1. Methods of Collecting Your Personal Data

Your personal data may be collected through all Banking Service Agreements, General Credit Agreements and other agreements/information forms and documents related to banking transactions issued with your approval and/or signature in accordance with the Banking Law No. 5411 and other relevant legislation mentioned above, through notifications you will make with your electronic approval and/or signature, through your requests and complaints you submit to us, and by providing the documents required during insurance transactions, Through documents, forms and agreements needed in line with KYC and investment activities, through channels such as Head Office, Internet Banking, Call Center, verbally, in writing or electronically, fully or partially automatic or non-automatic as part of any data recording system, institutions and organizations we cooperate with, notices and warrants sent by official institutions, domestic Banks and other third parties. It is collected through various methods and camera recordings that can also be obtained from outside our Bank, including domestic banks and other third parties.

2. Purposes and Legal Reasons for Processing Your Personal Data

Although the purposes of processing your personal data may vary according to your relationship with the Bank and the products, services provided to you and the permissions given by you, your personal data processed by our Bank are processed for the following purposes:

Banking Law No. 5411, Law No. 5549 on Prevention of Laundering Proceeds of Crime, Insurance Law No. 5684, Turkish Commercial Code No. 6102, Capital Markets Law No. 6362, sub-regulations made in relation to these laws and the provisions of other laws concerning the activities of our Bank, to be used in all kinds of banking, capital markets, insurance agency and other products and services, including credit, transfer transactions, including those that our Bank can offer as an intermediary and agent, and to provide products and services within the scope of banking, finance, investment, portfolio management; to fulfill the instructions communicated by you regarding our products and services; to make transfers of securities such as money, foreign currency, gold, to carry out payment transactions; to determine the identity, address and other necessary information of the transaction owner; to carry out electronic (SWIFT, internet / mobile banking, etc.) or paper transactions; to comply with the information retention, reporting and information obligations stipulated by the relevant legislation, the Banking Regulation and Supervision Agency (BRSA), the Ministry of Commerce, the Central Bank of the Republic of Turkey, the Banks Association of Turkey and other competent authorities; to provide the requested / other Bank products and services and to fulfill the establishment and performance of the contracts to which it is a party, in accordance with Articles 5 and 6 of the Law.

The aforementioned processing purposes and the legal grounds for such processing purposes are as follows:

Purposes of processing personal data processed based on the legal grounds of 5/2 (a) "cases expressly stipulated in the Law" and 5/2 (ç) "cases that are mandatory for the fulfillment of a legal obligation" of the Law → Execution of communication activities, Execution / Supervision of Business Activities, Execution of Business Continuity Activities, Execution of Goods / Service Sales Processes, Follow-up of Demands / Complaints, Execution of Contract Processes, Execution of Finance and Accounting Affairs, Follow-up and Execution of Legal Affairs, Execution of Goods / Service After Sales Support Processes, Providing Information to Authorized Persons, Public Institutions and Organizations.
The purposes of processing personal data processed based on the legal reason 5/2 (c) of the Law "In case it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract" → Execution of activities in accordance with the legislation, Execution of Finance and Accounting Affairs Execution of Communication Activities, Execution of Business Activities, Execution of Business Continuity Activities, Execution of Goods / Service After Sales Support Processes Execution of Goods / Service Sales Processes, Execution of Studies for Customer Satisfaction, Execution of Contract Processes, Follow-up of Requests / Complaints.
The purposes of processing personal data processed based on the legal ground 5/2 (f) of the Law "Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject" → Ensuring Physical Space Security, Creating and Tracking Visitor Records, Execution of Activities in accordance with the Law.

In addition to the above-mentioned processing purposes, if you have your permission, your personal data will also be processed and used by our Bank in order to use it in the presentation and promotion of our products and services that are within the scope of the legislation and outside the purpose of becoming a customer with our Bank, to plan and implement product, service and offer activities specific to you, to develop product, service working model offers, profiling, segmentation, in-bank target creation, scoring, risk analysis, customer relationship management, in-bank performance tracking and analysis studies, statistical studies, market research, customer satisfaction surveys.

For security practices at the workplace and for the legitimate interests of our Bank, your camera images may be recorded at the head office and the buildings used by our Bank.

3. Information on the Processing of Personal Data of Persons Subject to the Risk Group

Pursuant to Article 49 of the relevant provision of Law No. 5411, you, your spouse, your children and the qualified shareholders, members of the board of directors and general manager of a bank, or partnerships in which you, your spouse, your children and the aforementioned are board members or general managers, or partnerships in which they or a legal entity jointly or individually, directly or indirectly control or participate with unlimited liability, partnerships which they control directly or indirectly, jointly or individually, directly or indirectly, or in which they are partners with unlimited liability, or in which they are members of the board of directors or general managers, and real persons and legal entities that have surety, guarantee or similar relationships to the extent that the insolvency of one of them will result in the insolvency of one or more of the others constitute a "risk group".

Other natural and legal persons to be included in the risk group are determined by the BRSA, and even if you are not our customer, your personal data may be processed by our Bank in order to fulfill our legal obligations, especially banking legislation, to determine risk groups, to determine the total amount of credit that can be provided to persons within the same risk group, to determine the credit limits to be extended to a risk group according to the banking legislation, to determine, monitor, report, control, perform creditworthiness assessments and to manage the legal and financial risks of our Bank.

In this context, your identity and financial data are processed for the purposes of carrying out activities in accordance with the legislation and carrying out and implementing risk management processes, based on the legal reasons that it is clearly stipulated in the laws and is mandatory for the fulfillment of a legal obligation.

4. Persons / Organizations to whom Your Personal Data may be Transferred for the Purposes Specified Above

Public Institutions and Organizations such as BRSA, Capital Markets Board, Financial Crimes Investigation Board (MASAK), Ministry of Treasury and Finance, CBRT;
Persons or entities that are our service providers in the nature of natural persons and private legal entities and permitted by the provisions of the Banking Law and other legislation for the purposes of carrying out the corporate processes of our Bank, ensuring that our customers benefit from the products and services offered by our Bank in the best way possible, fulfilling our legal obligations, ensuring data security at the highest level; including but not limited to financial institutions and other third parties listed in Article 73 of the Banking Law No. 5411;

For domestic money and securities transfer and securities custody requests, domestic and foreign banks and settlement institutions, relevant insurance companies, the Risk Center of the Banks Association of Turkey, domestic banks and financial institutions and other third parties from which we receive services to carry out banking activities, with which we cooperate, with which we cooperate, with which we are program partners.

You can submit your applications and requests regarding your personal data as stated above, but not limited to these, and other requests regarding the implementation of the KVKK to our Bank via [email protected] by using the KVKK Data Owner Application Form from your e-mail address previously registered in the system, with a secure electronic signature in case you do not have an e-mail address registered in the system, or through a notary public or directly to the company address, and by following the procedures in the application form by other methods to be determined by the Personal Data Protection Board.