Privacy Statement » Privacy Statement

Customer Privacy Statement addressing basic mortgage and savings products

Who we are and how to contact us:

Turkish Bank (UK) Limited, 84-86 Borough High Street, London SE1 1LN is the data controller of your personal information. This means that we are responsible for deciding how and why your information is used.

This privacy statement explains:

• what information we collect about you,
• how we use it,
• who we share it with, and
• the rights you have under data protection law

If you have any questions about this statement, or if you want to exercise your rights, you can contact our Data Protection Officer (DPO):

Email: dpo@turkishbank.co.uk

or

Post: Data Protection Officer
Turkish Bank UK,
84-86 Borough High Street,
London SE1 1LN

We may update this Privacy Statement from time to time. The latest version will always be available at: [www.turkishbank.co.uk/privacy-statement/]

Please note: we also need to share with you the privacy statements of Fraud Prevention Agencies and Credit Reference Agencies, who are separate data controllers. Their own privacy notices explain how they use your data, and we provide direct links after in this statement.

Your personal information and what we do with it: This Privacy Statement explains how Turkish Bank (UK) Limited uses your personal information when you apply for or use our mortgage or saving products.

We collect and use information about you so that we can:

• provide you with products and services,
• meet our legal and regulatory duties,
• meet our legal and regulatory duties,
• prevent fraud and financial crime, and
• keep you informed about your rights.

Later in this statement we explain in more detail:

• what information we collect,
• why we use it,
• who we share it with,
• how long we keep it, and
• the rights you have under data protection law.

We have kept this statement as clear and accessible as possible, in line with our duty to ensure customers can easily access and understand how their data is used.

 

Personal information that we generally process in connection with all our products and services

The information we collect depends on the product or service you apply for. Some information is relevant to all customers, while some is specific to mortgage or savings products.

• Information we collect for all our products and services includes: Your name, title, and contact details including for instance your email (address, telephone numbers, email),
• Your date of birth and age (to check eligibility for products),
• Your address history and residency details,
• Your nationality (where required for legal or regulatory reasons),
• Records of how you contact us (including call recording, emails and online contact such as IP address),
• Information we obtain from fraud prevention agencies and,
• Limited Some “special category” data such as health information, where this is relevant to supporting you as a vulnerable customer.

If we apply for a mortgage, we will also collect:

This includes:

• Financial information (salary, income, savings, spending, details of accounts you use to make payments)
• Details of existing borrowings and loans
• Information about your credit history from Equifax and public records such as (electoral roll, insolvency service, Companies House, and court judgments)
• Your employment status (employed, self-employed, retired or receiving benefits)
• Details of your housing status (e.g. tenant, homeowner, living with parents)
• Information on your residency and citizenship status such as your (e.g. nationality, length of UK residency, right to remain in UK
• Details about your marital status, and dependents if relevant to the mortgage
• Information about any guarantor linked to your application

If you apply for a savings product, we will also collect:

• Financial information (salary, income, details other savings, and linked accounts you use to make deposits)
• Information about any person who makes a withdrawal on your behalf

• Information about your tax position (where legally required).

If you were introduced by a broker or intermediatory

You may have been introduced to us by a mortgage broker, financial adviser, or another intermediary.

• If the broker or intermediary is acting on our behalf (as our data processor), this privacy statement applies to the way our information is used, and you should contact us if you want to exercise your data protection rights.

If the broker or intermediary is acting in their own right (as data controller), their own privacy statement will apply. You should ask them for a copy if you do not already have one.

This means that sometimes your information is shared between us and your broker. For example, if you apply for a mortgage through a broker, we may need to share updates on your application with them.

How and why, we use your information (legal grounds)

We use your personal information for several different reasons. Data protection law requires us to explain the legal grounds that allow us to do so. Sometimes more than one ground may apply.

1) To provide you with products and services

We use your personal information because it is necessary to:

1. 1. Process your application
   2. Set up and manage your account
   3. Take payments and collect money owed
   4. Communicate with you about your account

2) To meet our legal and regulatory obligations (Legal obligation) We must process certain information to comply with laws and regulations, including:

1. 1. Anti-money laundering and financial crime checks,
   2. Identity verification,
   3. Reporting to regulators such as the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), HM Revenue & Customs (HMRC) and the Information Commissioner’s Office (ICO), and
   4. Responding to requests from courts, law enforcement and dispute resolution bodies such as the Financial Ombudsman Service (FOS)

3) For our legitimate interests (Balanced against your rights)

We may process your information where it is in our legitimate interests to do so, provided this does not unfairly impact your rights. Examples include:

1. 1. Managing our business operations and accounts
   2. Monitoring and improving our products and services
   3. Preventing and detecting fraud
   4. Ensuring good governance and internal reporting
   5. Carrying out market research and statistical analysis.

4) With your consent (when you choose to give it)

IN some limited situations, we will ask for your consent before using your data. For example:

1. 1. Sending yu direct marketing communications
   2. Using special category data (such as health information) to support you if you are a vulnerable customer
   3. Where we use automated decision-making that requires your explicit consent.

You can withdraw your consent at any time by contacting us.

5) For reasons of substantial public interest

In certain cases, we may process sensitive information (such as health details for vulnerable customers) where this is necessary to meet wider social obligations, such as protecting individuals at risk of harm or meeting our regulatory duties.

Who we share your information with

We sometimes need to share your personal information with other people or organisations. We only share what is necessary, and we always ensure your information is protected.

We may share information with:

People connected to your account:

1. 1. 1. Your guarantor (if you have one).
      2. Joint account holders or trustees
      3. Beneficiaries, and
      4. anyone who has power of attorney over your affairs

Our group and business partners:

1. 1. 1. Other members of our Group (Turkish Bank Group companies)
      2. Other payment service providers (for example, if you ask us to make or receive payments)
      3. Brokers or intermediaries who introduce you to us (where relevant)

Professional and business services:

1. 1. 1. Our legal advisers, auditors and actuaries
      2. Debt recovery agencies
      3. IT and hosting providers
      4. d. Companies that provide document storage or other back-office services.

Regulators and authorities:

1. The Financial Conduct Authority (FCA)
2. The Prudential Regulation Authority (PRA)
3. HM Revenue & Customs (HMRC)
4. The Information Commissioner’s Office (ICO)
5. The Financial Services Compensation Scheme (FSCS)
6. The Financial Ombudsman Service (FOS)

Credit Reference and Fraud Prevention Agencies:

1. Equifax Ltd, our chosen credit reference agency – equifax.co.uk/crain
2. Cifas, the UK’s national fraud prevention agency – cifas.org.uk/fpn

These organisations are independent data controllers. Their own privacy notices explain how they use your data.

If we ever sell or restructure our business, we may need to share relevant customer information with buyers and their professional advisers.

We may share information with market research companies, but only in a way that does not directly identify you, unless you have agreed to take part in a specific survey.

Transferring your information outside the UK or EEA

We are based in the UK, but sometimes your personal information may be transferred outside the UK or the European Economic Area (EEA).

We may share information with other companies in our Group, including Turkey and North Cyprus. This may be necessary to:

• Process applications for financial products
• Confirm your identity and financial details
• Help us operate and administer your account.

If you hold a debit card with us, we may share information with overseas service providers, such as EVRY Norge AS, who support the operation and administration or card services.

When your information is transferred outside of the UK or European Economic Area (EEA) we take steps to make sure it is properly protected. This may include using:

• Countries recognised by the UK as having adequate data protection laws.
• Standard contractual clauses approved by the UK government

In limited cases, we may transfer your information under a legal exception (Known as a “derogation”), such as where the transfer is necessary to perform your contract with us.

If you would like more details about how your information is protected when it is transferred overseas, you can contact our Data Protection Officer using the details in section 1.

How long we keep your information

We keep your information only for as long as it is needed to provide our products and services, and to meet our legal and regulatory requirements.

When deciding how long to keep information we consider:

• How long you have an account or relationship with us
• Whether we are under a legal or regulatory duty to keep it
• Whether we may need it to protect our legal rights (, for example, for disputes or claims)

If you would like more details about how long we keep specific types of information, you can contact our Data Protection Officer using the details in Section 1.

Your rights under data protection law

You have a number of rights under data protection law. Some rights apply in all cases, while others apply only in certain circumstances. If you make a request, we will explain what rights apply and how we will deal with it.

Your rights include:

• ACCESS – You can ask for a copy of the personal information we hold about you.
• CORRECTION – You can ask us to correct inaccurate information or complete incomplete information.
• ERASURE – In some cases you can ask us to delete your information (“the right to be forgotten”).
• RESTRICTION – You can ask us to stop or limit how we use your information.
• OBJECTION – You can object to us using your information for certain purposes, including direct marketing.
• PORTABILITY – You can ask us to transfer your information to another provider in a structured, commonly used and machine-readable format.
• AUTOMATED DECISIONS – If we make decisions about you only using technology (without human involvement), you can ask for human review and to challenge the decision.

If you want to use any of your rights, please contact our Data Protection Officer (see Section 1 for contact details).

If you are unhappy with how we use your information, you also have the right to complain to the information commissioners office (ICO), the UK regulator for data protection: www.ico.org.uk

If your request relates to information held by another organisation (such as Equifax, Cifas, or a broker/intermediary acting as their own data controller) you will need to contact them directly.

Your marketing preferences

We may contact you about our products and services using your home address, phone number, email or, in some cases, social media.

We will only send you marketing where we have a legal basis to do so, usually because you have given us your consent or because the law allows us to contact you about similar products or services..

You can stop receiving marketing at any time by:

• contacting us directly (See Section 1 for details)
• Following the unsubscribe instructions in the emai,l or other communication.

Our Group companies

Turkish Bank (UK) is part of the Turkish bank Group. Other members of our group include:

TÜRK BANKASI www.turkishbank.net/en/

TURKISH BANK LTD – www.turkishbank.com/

We may share information within our group for the purposes set out in this privacy statement (for example, to help administer accounts or meet regulatory requirements).

For the latest information about our Group companies, please visit the website above.

Glossary

• Automated Decision-making:

This means decisions made about you using a computer system without human involvement. For example, deciding whether you qualify for a product based only on information processed automatically.

• Profiling:

This is a type of automated processing where we use information about you to analyse or predict aspects such as your financial situation, behaviour or preferences.

• Legitimate interests:

This is a lawful reason for using your personal information where we (or another organisation) have genuine business need, as long as it does not unfairly affect your rights or freedoms.