Türkiye İş Bankası shows special consideration in ensuring the safety and privacy of the information belonging to our customers. This matter is a legal obligation of our Bank in accordance with the relevant legislation as well as it is a priority of our Bank's sensitivity of the issue. In the scope of our approach in showing the utmost care to protect our customers’ information and to act in accordance with the relevant legislation; our bank prepared detailed regulations on this issue and accepted the principle to protect our customer information throughout all of our practices. In addition to that, we prepared procedures to ensure that all of our employees demonstrate the highest level of sensitivity in this matter.
The personal data saved by automated or non-automated means and/ or shared electronically by our website visitors will be used primarily to fulfill their demands, and later on to provide them better online and banking services. Also, in accordance with the Privacy notice of our bank, we show due diligence in protection and safety of your personal data.
Information including personal data belonging to our customers is not shared in any way or form with third parties without customers’ consent, except for the cases where legal authorities or regulatory authorities demand access to this information according to relevant legislation.
Our Bank ensures that our supporting services’ providers do always abide by our Bank’s privacy standards and requirements.
Accordingly, it is our basic approach to protect all information belonging to the Bank and to our customers from unauthorized access, false use and alteration, corrosion and destruction; ensure the privacy, integrity and availability of the information.
When you share your personal information (address, phone, fax, e-mail etc.) with our Bank, this will only be used for fulfilling the services that you demanded, communicating (regarding operation and maintenance services) and renewing you contracts. Your data will not be shared with third parties unless you have given your consent for data sharing. However our bank may be obliged to share information with some third parties even without obtaining your consent when it is mandatory by law. We may communicate with you for marketing and promotion of banking, insurance and financing product and services if you are in our approved data base. You have a right of withdrawing your approval when you do not want to receive e-communications of our Bank. You will be released from our list of related channel by, for example, clicking the link “Please click here if you do not wish to receive any e-mail from our Bank regarding promotion of new product or services.” you may find at the bottom of an e-mail.
Legal base for personal data processing
We collect storage and process your personal data only if one of the following criteria applies:
if you have given consent to the processing of your personal data for one or more specific purposes;
if processing is necessary for the performance of a contract to which you and the Bank are contracting parties or in order to take steps at your request prior to entering into a contract;
if processing is necessary for compliance with a legal obligation to which the Bank is subjected;
if processing is necessary in order to protect your vital interests or of another natural person;
if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Bank;
if processing is necessary for the purposes of the legitimate interests pursued by the Bank or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Principles of personal data processing
We process your personal data based on principles of personal data processing, as foreseen in the Law on personal data protection, as follows:
Personal data are processed in an impartial, lawful and transparent manner, without infringing of your dignity;
Data are collected only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
Personal data shall be adequate, relevant and limited to the purposes for which they are further collected or processed;
Personal data shall be accurate and kept up to date; we will take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Personal data may be stored insofar as necessary to achieve the purpose for which are further collected or processed. After the fulfilment of processing purpose, personal data shall be erased, deleted, destroyed, blocked or anonymized, unless otherwise foreseen in another relevant law;
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures
Type of personal data we use
In order to fulfil our contractual obligations when offering and providing different products and services, we need to use different personal data, depending on the nature of the transaction. In this notice, “personal data” means any information or bits of information that makes you identified or identifiable, including but not limited to:
Personal information (Name and surname; Personal identification number; Date and place of birth; Copy of personal identification documents; Nationality; Gender; Marital status etc.)
Contact information (Email address; Phone numbers; Residential address etc.)
Financial information (Employment status; Monthly and other incomes; Debt and/or credit history;
Information about your education, profession, and work or business information
Information about services and products we provide to you.
If we have your explicit consent, we may also use some of your sensitive data, depending on the nature of your request, which must be limited only to our products and services. We may be entitled to use any other personal data if necessary, in order to offer to you any other specific product or service.
How do we collect your personal data
We may collect and process personal data by two different ways. You may share your data voluntarily through applications and other forms for requesting of our products and services, as well as from documents that you present to us while conducting applications and other forms of requests, or we may collect some of your data automatically through our online services. It is ensured that we are using your personal data in accordance with the purpose of collecting such data.
How do we use your personal data
We offer different products and services to our clients, thus we use your personal data for different reasons. For example we may use your personal data for purposes enlisted below:
for your identification and verification; for opening of the accounts, for conducting payment services; for issuing different credit products; for online/digital services; for marketing purposes; for bad debt recovery; for complying with legal requirements etc.;
When you register to our website, we may obtain your personal data via the forms on our website (i.e.; name-surname, e-mail, contact information, birthday etc.) and provide the requested services or send e-bulletin, information regarding marketing etc. if you have given your consent previously;
Your personal data may be processed for market research, planning and statistical analysis if you have given your consent previously.
We may process your personal data to ensure the safety of other users and our website.
The usage of your personal data can be extended from time to time, depending on the products and services offered by İş Bankası, in compliance with the laws and regulations on personal data protection, as well as other relevant applicable laws.
Retention period of personal data
İş Bankası will preserve your personal data in a secure and conserved environment as long as it is necessary for fulfilling the reason for obtaining the data in the first place or as long as the period specified in the legislation.
Transfer of Your Personal Data
Your personal data will not be shared with third parties without your consent, unless it is mentioned in this Privacy notice or in legislation.
We may share your personal data with third parties which provide support services for us (for example; data processors, hosting service providers, website operators, data analyzers, outsourced customer services firms or payment managers etc.), inside and outside territory of the Republic of Kosovo. Third party service providers may be given access to our customers’ personal data when it is required to fulfill the service in question. They will keep such data confidential and use it only for providing their services under supervision and on behalf of our Bank and not for any other commercial or non-commercial purposes. In all these cases, the Bank will ensure that your rights are safeguarded and that such a transfer is done in compliance with the law, for which reason a separate agreement related to protection of personal data will be signed with these service provider.
The Bank will also share your personal data with the Central Bank of Kosovo (CBK) and at the same time will collect information from CBK in regards to your credit history; as well as with its shareholders and other group members.
The Bank may also disclose your personal data to all competent public authorities such as the Financial Information Centre, State Prosecutors Office, Police, Courts etc., if required to by law.
However our Bank is free to share with third parties non-personalized and/ or anonymized data, such as number of visits to our website in a determined period of time, without any limitation.
Security of Personal Data
İş Bankası provides all necessary and reasonable protection for preserving the privacy, safety and integrity of your personal data. We work hard and take all necessary measures to protect your personal data from any loss, misuse or alteration.
We generally preserve your personal data in data bases of İş Bankası or data bases provided by our service providers.
Contractual associates of İş Bankası which have access to your information to provide you the necessary service are under the obligation of keeping this information confidential and not using for any other purposes in scope of conventional obligation.
Safety of information and integrity of data
All technical and reasonable measures are taken to protect your personal data against accidental or illegal destruction, loss, alteration, all illegal and unauthorized misuse that may occur during data transfer over network, disclosure and access and other procedures and abuses.
Personal data and children
Our website services are not designed for children. In addition to that, we don’t collect personal data of children intentionally through any of our websites unless otherwise is allowed and/ or mandated by legislation.
Modification in Our Privacy Notice
Our Bank reserves its right to modify this Privacy notice in order to comply with the most updated version of the data protection law, without a prior notice to its customers or visitors. It is submitted that, such a revision on our privacy notice will be announced on our website as soon as possible. This notice has been last changed on 19.03.2019
You have the right to obtain from the Bank confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and the following information; the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
You have the right to obtain from the Bank the rectification of inaccurate personal data concerning you. This means that you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. You also have the right to obtain from the Bank the erasure of your personal data, if there are no legal grounds for processing of your personal data or the legal grounds have ceased to exist.
You have the right to obtain from the Bank restriction of processing where one of the following criteria applies: the accuracy of the personal data is contested by you, for a period enabling the Bank to verify the accuracy of personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the Bank no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to pending verification whether the legitimate grounds of the Bank override your legal grounds.
In some cases, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data. In this case, the Bank shall no longer process the personal data unless the Bank demonstrates compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes (by addressing your concern through email address: firstname.lastname@example.org, and/or visiting one of our Branches), the personal data shall no longer be processed for such purposes.
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this right shall not apply if the decision: is necessary for entering into, or performance of, a contract between you and the Bank; is authorised by a specific law to which the Bank is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or is based on your explicit consent.
You shall have the right to receive your personal data, which you provided to the Bank, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Bank.
You are entitled to withdraw your consent at any time. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal shall be done in the same way as the giving of the consent.
Without prejudice to other administrative or judicial remedies of protection, you have the right to file a complaint before the Agency, if you claim that the processing of your personal data violates the law on data protection.
However, İŞ BANKASI reserves its legitimate right to reject unreasonably repeated or technically disproportionate requests and/ or requests which are extremely difficult to meet or which risks other peoples’ privacy.
Türkiye İş Bankası A.Ş. Dega Në Kosovë
Address: Str. Ukshin Hoti, No.100, Lakrishte, Prishtina 10000, Kosovo
Phone: +381 38 245 245
Fax: +381 38 224 542
Data Protection Officer
Name &Surname: Mr. Urim Bexheti
Phone: 049/904 501
Türkiye İş Bankası A.Ş.
Central Bank of the Republic of Kosovo
Address: Rruga Garibaldi, Nr.33, 10000, Prishtina, Kosovo
Phone: +381 38 222 055
Fax: +381 38 243 763
Information and Privacy Agency
Address: Rruga Luan Haradinaj, 10000, Prishtina, Kosovo
Phone: +381 38 200 629