Privacy Notice

Privacy Notice

Bank TURKIYE IS BANKASI A.S. Branch in Kosovo controls and processes the personal data provided by natural persons when they use the services that the Bank offers, either through physical presence or through online presence, when they use our website, online application and mobile application. Further in this text, the terms "Bank" and "we" and those derived from them refer to Bank TURKIYE IS BANKASI A.S. Branch in Kosovo. The term "you" and those derived from it refer to the users of our services/ our clients.

This privacy notice informs you about the collection, use and processing of personal data by the Bank. The rules presented in this notice apply to any form of data, whether stored electronically, on paper or on any other data storage device.

The bank takes special care in protecting and securing the privacy and personal data belonging to our clients. This issue represents a legal obligation for us in accordance with Law No. 06/L-082 on Personal Data Protection and other legal acts. As part of our approach to show maximum care in the protection of personal data of clients and to act in accordance with the relevant legislation, we have prepared detailed regulations on this issue and have accepted the principle of protecting the personal data of our clients in all our practices. In addition, we have prepared procedures to ensure that all our employees display the highest level of care in this matter.

Personal data that is automatically or non-automatically stored and/ or electronically disclosed by our website visitors, will be used primarily to fulfill their requests and then to provide them with better online banking services. Also, in accordance with our Bank's privacy notice, we take due care to protect and secure your personal data.

Our bank takes measures to ensure that the support providers of our services always comply with the standards, privacy requirements of our Bank and act in accordance with Law No. 06/L-082 on Personal Data Protection and other legal acts.

Accordingly, our fundamental approach is to protect all personal data belonging to the Bank and our clients, from unauthorized access, fraudulent use and alteration, corruption and destruction, as well as ensuring privacy, integrity and availability of information.

When you share your personal data with our Bank, they will only be used for the services you have requested, communication and renewal of your contracts. We may communicate with you about advertising and promotion of banking, financial and insurance products and services if you are in our database. You have the right to withdraw your consent, when you do not wish to receive electronic communications from our Bank. You will be removed from our relevant channel list, for example, by clicking the button "Please click here if you do not want to receive any emails from our Bank, promoting new products or services.", which you can find at the end of an email. 

Principles of personal data processing 
The bank processes your personal data based on the principles of personal data processing, as provided by Law No. 06/L-082 for the Protection of Personal Data, as follows: 
• Personal data is processed in a legal, fair, impartial and transparent manner, without violating your dignity; 
• Personal data is collected only for specific, explicit and legal purposes and is not further processed in any way that is not in accordance with those purposes;
• Personal data must be appropriate, relevant, not redundant and limited to the purposes for which they were collected or processed; 
• Personal data must be accurate and where applicable kept up to date. The Bank, taking into account the purposes for which the personal data is processed, will take all reasonable steps to ensure that those data which are incorrect are corrected or deleted without unreasonable delay; 
• Personal data may be stored as long as necessary to achieve the purposes for which they were collected or processed. After achieving the purpose of processing, personal data must be deleted, removed, destroyed, blocked or made anonymous, unless otherwise provided in another relevant law; 
• Personal data will be processed in a way that ensures adequate protection and security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate security measures to personal data.

Legal basis for processing personal data 
We collect, store and process your personal data only if one of the following criteria is met: 
• If you have consented to the processing of your personal data, for one or more specific purposes; 
• If the processing is necessary for the conclusion of a contract, in which you and the Bank are contracting parties, or to undertake actions related to your request before the conclusion of the contract; 
• If the processing is necessary to comply with the legal obligation to which the Bank is subject; 
• If the processing is necessary for the protection of your vital interests or those of other natural persons; 
• If the processing is necessary for the performance of a task of public interest or for the exercise of the official authority granted to the Bank; 
• If the processing is necessary for the purposes of the legitimate interests exercised by the Bank or the third party, except when these interests are exceeded by the interests or fundamental rights and freedoms of the data subject who requires the protection of personal data, especially if the subject of data is child.

The type of personal data that the Bank collects and processes 
The Bank processes personal data to provide its services or when required by law. The category of personal data to be processed depends on the services requested and the products used by our clients. The personal data that the Bank processes may belong to different categories, as shown in the list below. However, this list is not restrictive, as our clients may also use other services and products that require the Bank to process additional personal data. 

Personal information: 
- Name and surname; 
- Date and place of birth;
- Gender;
- Citizenship;
- Personal identification number (Type of identification document, Authority that issued it, Date of issue, Date of expiration);
- Copy of personal identification documents; 
- Marital status; 
- Family details;
- Authentication data (for example signature);
- Photography;
- PEP status. 

Contact information:
- Residential address (Street address, City, State, Postal code);
- Email address;
- Telephone contact numbers;
- Postal address (Street address, City, State, Postal code). 

Financial information:
- Financial status and income details;
- Employment status and employment of relatives;
- Credit history;
- Documents for credit assessment;
- Data from public registers;
- Relationship with other banks or financial companies;
- Business documents for self-employed individuals;
- Property documents (property description, property valuation report, collateral insurance, construction documents).

Information related to education, profession and work or business information:
- Employment status;
- Position and workplace;
- Monthly and other income;
- Professional experience;
- Education. 

Information about the products and services we offer you:
- Data from the fulfillment of contractual obligations;
- Bank account details;
- Credit/debit card details;
- Details of transactions and history;
- Data related to authorization agreements;
- Information on any third party beneficiary;
- Other data on the use of products and services offered by the Bank. 

Technical information and online identification:
- User registration and subscription data (eg online banking registration credentials);
- Details of the merchants you pay with your card. 

Other types of personal data:
- Images from security cameras in and around the Bank's premises.

If we have your express consent, we may also use some of your sensitive data, depending on the nature of your request, which should be limited to our products and services. We may have the right to use other personal data if necessary to provide you with any other specific products or services.

How your personal data is collected and processed by the Bank
The Bank may collect your personal data in some cases, for example when you directly use the services or products we offer, or when you use our online platforms. We collect your personal data when you:
• Open an account and/or register as a client;
• Apply or use any of our products or services;
• Use or view our website;
• Visit our branches or offices;
• Contact us through our communication channels;
• Provide information, in writing or orally, through e-mail, contact center forms, contracts or other communication channels.

The Bank may collect your data within the limits permitted by law also indirectly from other sources, including:
• Public registers (eg Central Credit Register, etc.);
• Related parties (e.g. employers, business owners, relatives or other persons); 
• Public authorities and law enforcement agencies.
​​
Purposes of personal data processing
At the Bank, we offer different products and services for our clients, therefore we can process your personal data for different purposes. For example, we may process your personal data for the following purposes:
  • For your identification and verification;
  • For opening accounts;
  • For performing payment services;
  • For issuing various credit products;
  • For online/digital services;
  • For marketing purposes;
  • For the return of bad debt;
  • To fulfill legal and regulatory obligations;
  • To prevent money laundering, terrorist financing and fraud;
  • For market research, planning and statistical analysis, if you have previously agreed to this;
  • To ensure the safety of other users and our website;
  • To encourage business development;
  • To ensure proper risk management;
  • To improve client service and client relationship management.
When you register on our website, we may receive your data through forms on our website (for example first name, last name, email, contact information, birthday, etc.) and provide you with the services of requested, or to send you our electronic newsletter, advertising information, etc., if you have previously agreed to this.

The use of your personal data may be extended from time to time, depending on the products and services offered by the Bank, in accordance with the relevant laws and regulations for the protection of personal data.

Storage of personal data 
The period of storage of personal data depends on the category of data and the purposes for which they are processed. 

The Bank will store your personal data in a secure and protected environment for as long as is necessary, in the first place, to fulfill the purpose for the collection and processing of the data, or for as long as is foreseen with the relevant legislation. 

If personal data is no longer required, it will be deleted in accordance with our deletion processes or will be anonymised.

Security of personal data 
The Bank provides all necessary and reasonable protection to maintain the privacy, security and integrity of your personal data. We are committed to taking all necessary measures to protect your data from loss, misuse or alteration. 

We usually store your personal data in our own databases, or in those provided by our service providers. 

The contracted employees of the Bank who have access to your information in order to provide you with the necessary services, are obliged to keep these data confidential and not to use them for any other purpose within the framework of the conventional obligation.

All reasonable technical and organizational measures are taken by the Bank to protect your personal data from destruction, loss, accidental or illegal change, as well as from any misuse or illegal and unauthorized use that may occur during its transfer in network data, publication or other procedures.

Transfer of your personal data
The Bank may disclose personal data about you to third parties who lawfully process your data. But this can only happen when this is required by law or you have agreed to this in advance.

The Bank may disclose your data to:
• Supervisory and other regulatory authorities such as: Central Bank of the Republic of Kosovo, Financial Intelligence Unit, Tax Administration of Kosovo, justice bodies and other competent authorities;
• Your authorized representative acting on your behalf with authorization such as lawyers, mediators, joint account holders, co-debtors, guarantors;
• Third parties with whom the Bank must cooperate inside and outside the Republic of Kosovo, to enable sits services, such as the Bank's shareholders, other members of the Bank's group, Visa, Mastercard, bank card issuers, ATM administrators, card payment processing companies, your beneficiaries, etc.;
• Other parties providing services for the purpose of fulfilling legitimate interests or contractual obligations, such as external legal advisors, notaries, auditors, accountants, marketing and advertising companies, document storage, document archiving and destruction companies, storage companies in the cloud, IT and telecommunications service providers, software development contractors, etc.

Third parties may have access to our clients personal data when required to perform the service in question. They will maintain the confidentiality of this data and will only use it to provide their services, under the supervision and on behalf of our Bank and for no other commercial or non-commercial purpose. 

When data is transferred, the transfer is made in strict accordance with the provisions of Law No. 06/L – 082 for the Protection of Personal Data, for which a special agreement regarding the protection of personal data will be signed with these service providers. 

However, the Bank is free to disclose non-personal and/or anonymous data, such as the number of visits to our website during a given period, to third parties without any restrictions.

Children's personal data
Our website services are not designed for children. In addition, the Bank does not intentionally collect children's data through any of our websites, except where permitted and/or required by law. 

Your rights as a Data Subject
As a data subject, you have the following rights: 
• The right to be informed — You have the right to be informed about the collection and use of your personal data;
• The right to access — You have the right to receive confirmation from the Bank as to whether your personal data is being processed or not, and if so, you have the right to request access to personal data and other information such as: Purposes of processing; Categories of personal data; Beneficiaries or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular recipients in third countries or international organizations; Where possible, the anticipated period for which the personal data will be stored, or if not possible, the criteria used to determine that period; • Right to rectification — You have the right to request the rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to complete incomplete personal data, including by making an additional declaration;
• The right to erasure (the right to be forgotten) — You have the right to request the erasure of personal data, in certain cases according to the relevant legislation;
• The right to restriction of processing — You have the right to request the restriction of the processing of your data in certain cases according to the relevant legislation;
• The right to data portability — You have the right to receive the personal data held by the Bank in a structured, widely used and machine-readable format and reuse it for your own purposes or transmit this data to another controller;
• The right to object — You have the right to object at any time to the processing of personal data, due to a special personal situation, in certain cases according to the relevant legislation. In this case, the Bank will no longer process personal data, unless the Bank demonstrates a convincing legal basis for their processing, a basis that prevails over your interests, rights and freedoms;
• Rights related to automated decision-making and profiling — You have the right to ask the Bank not to be subject to a decision based solely on automated processing. However, this right does not apply if the decision is necessary for the conclusion or performance of a contract between you and the Bank; is authorized by a specific law to which the Bank is subject and which also establishes appropriate measures to protect your rights, freedoms and legitimate interests, or is based on your express consent;
• You have the right to withdraw your consent at any time. However, withdrawing consent will not affect the lawfulness of processing based on consent prior to its withdrawal. Withdrawal must be done in the same way as giving consent; 
• Without prejudice to other legal remedies, you have the right to file a complaint with the Information and Privacy Agency, if you claim that there has been a violation of your rights related to personal data. 

The Bank will respond to your request without delay, if you decide to exercise any of the above-mentioned rights. 

However, the Bank reserves its legal right to object to unreasonably repeated requests, or that are technically disproportionate and/or requests that are too difficult to fulfill, or that endanger the privacy of persons others.

Privacy Notice Updates 
The Bank reserves its right to modify this Privacy Notice from time to time, so that this notice reflects new services, changes in our practices and any legal and regulatory changes that may affect our responsibilities to our clients. Changes to this Privacy Notice may be made without prior notice to our clients or visitors.

All changes become effective the moment they are published on our website.
This notice was changed for the last time on 18.09.2023.

Information about the Institution
Türkiye İş Bankası A.Ş. Dega në Kosovë
Address: Str. Ukshin Hoti, No. 100, Lakrishte, Pristina, 10000, Kosova
Phone Number: +383 38 245 245
Fax: +383 38 224 542

Data Protection Officer
Name & Surname: Valbona Plepolli
Phone Number: +383 38 245 245
E-mail: dataprotection@isbank-kos.com

Hosting
Türkiye İş Bankası A.Ş.

Authorized Authorities​

Central Bank of Republic of Kosovo (CBK)
Address: Str. Garibaldi, No. 33, Pristina, 10000, Kosova
Phone Number: +383 38 222 055
Fax: +383 38 243 763

Information and Privacy Agency
Address: Str. Zejnel Salihu, No. 22, Pristina, 10000, Kosovë
Phone Number: +383 38 200 62 954
Fax: +383 38 200 62 965