İSTANBUL ÖDEME VE ELEKTRONIK PARA A.Ş.
CUSTOMER CLARIFICATION TEXT WITHIN THE SCOPE OF
PERSONAL DATA PROTECTION LAW NO: 6698
As per the Personal Data Protection Law No: 6698 ("KVKK") in the processing of personal data; we, İstanbul Ödeme ve Elektronik Para A.Ş. ("İst-pay" or "Company"), acting in the capacity of the data controller, would like to inform you in accordance with Article 10 "Obligation of the Data Controller to Inform" of the Law.
Ist-pay shows utmost care to ensure the confidentiality and security of personal information received from its customers ("physical channels and wallet service users") and/or legal/voluntary representatives of customers. This Clarification Text has been prepared in order to inform our customers about the personal data processed within the scope of KVKK and the methods of collection of the personal data, the legal grounds and purposes of personal data processing, the persons/institutions to whom personal data are transferred and the purposes of transfer, the rights of natural persons whose personal data are processed and to prevent, manage and execute fraud.
Title
|
İstanbul Ödeme ve Elektronik Para A.Ş.
|
Address
|
Esentepe Mah. Büyükdere Cad. No: 173 1. Levent Plaza A Blok Kat:10 Şişli / İstanbul
|
Central Registration System No/Trade Registry No
|
0481061848900010 / 51970-5
|
Telephone Number
|
0850 480 99 99 Ext:105
|
Processed Personal Data of the Sender and Recipient and Method of Collection
We need your personal data in order to fulfil our legal obligations within the scope of our company's activities and to provide you with high quality, complete and better service. Your personal data are collected verbally, in writing or electronically or by automated, semi-automated or non-automated methods specified in the Law, during the registration process that you make face-to-face or online in order to benefit from the service to be provided, through web-based applications and via all kinds of information and documents that you have submitted to İst-pay or obtained from third parties before, during and after the establishment of the payment service relationship in order to provide the payment service within the legal framework and to enable our Company to fulfil its obligations arising from the contract and the Law in a complete and accurate manner.
Identity Details
|
Name, surname, middle name, TR ID No, Foreigner ID No, identity document number, father's name, mother's name, date of birth, place of birth, passport number, residence permit number, temporary identity document number, driver’s license number, nationality, signature,
|
Contact Information
|
e-mail address, telephone number, residential address
|
Customer’s Transaction Details
|
Records for the use of products and services and information such as customer's instructions and requests required for the use of products and services, information such as profession, relationship between recipient and sender, purpose of money transfer, transaction reference, invoice details, customer satisfaction/complaint information.
|
Financing Details
|
Personal data processed in relation to information, documents and records showing all kinds of financial results created according to the type of legal relationship established with the personal data subject/owner (information such as transfer amount, history of sending and receiving money) Invoice, IBAN, Account Activities, Customer Card Number, Payments Made and Received, Receipt, Shopping History, payment instruction information, balance, transaction limit, bank name.
|
Physical Space Security, Audio and Visual Records
|
Camera records, employee and visitor entry and exit records,
|
Risk Management
|
Information processed for the management of commercial, technical and administrative risks.
|
Legal transaction details
|
Information in correspondence with judicial authorities, information in the case file, parent/guardian information
|
Transaction Security
|
Device information, IP address information, log records, password information, security question, certificate, encryption key, user name and surname, CVV2, CVC2 code, etc.
|
Method of Collection
As Ist-pay, we collect your personal data mentioned above in written, verbal and visual format through automated, partially automated or non-automated means using electronic and physical methods.
(i) Methods of Obtaining Your Personal Data from You
Through Non-Automated Means:
DATA CATEGORY
|
RELEVANT ACTIVITY TO OBTAIN DATA
|
Identity, Contact Details, Customer Transaction, Finance
|
Verbally, by filling out forms and documents received for the digital wallet customers in money sending and receiving transactions in which you take part as a sender and/or recipient.
|
Identity, Contact Details, Customer Transaction, Finance, Legal Transaction
|
Your written applications / submissions / instructions made in person, via mail, social media, courier services and your verbal applications made through the call center (information acquisition, complaint etc.)
|
Through Semi-Automated Means:
DATA CATEGORY
|
RELEVANT ACTIVITY TO OBTAIN DATA
|
Identity, Contact Details, Customer Transaction, Finance, Legal Transaction
|
Electronic correspondence and sending instructions for the acquisition of information, complaints and similar purposes (e.g. via registered electronic mail, electronic notification, electronic mail methods, web page),
|
Through Automated Means:
DATA CATEGORY
|
RELEVANT ACTIVITY TO OBTAIN DATA
|
Physical Space Security, Audio and Visual Records
|
Transactions at the branch or representative offices
|
(ii) Method of Obtaining Your Personal Data from Ist-pay Information Processing System
DATA CATEGORY
|
RELEVANT ACTIVITY TO OBTAIN DATA
|
Customer Transaction, Finance, Legal Transaction, Risk Management
|
Data obtained as a result of using the products and services offered by İst-pay (Information such as transaction reference, transfer amount, money sending and receiving history etc.)
|
(iii) Methods of Obtaining Your Personal Data from Third Parties
Your personal data are collected by automated means through the following organizations:
DATA CATEGORY
|
RELEVANT ACTIVITY TO OBTAIN DATA
|
Identity, Contact Details
|
Through intermediary institutions/financial institutions with which we are business partners in money transfer transactions
|
Identity
|
Public institutions and bank databases where your identity details are registered (e.g., database of the General Directorate of Civil Registration and Citizenship Affairs)
|
We may collect your personal data by non-automated methods through the following institutions and organizations or persons:
DATA CATEGORY
|
RELEVANT ACTIVITY TO OBTAIN DATA
|
Identity, Contact Details, Legal Transaction, Customer Transaction, Finance
|
Persons/legal-voluntary representatives appointed to act on your behalf (e.g. attorney, guardian)
|
Identity, Contact Details, Legal Transaction, Customer Transaction, Risk Management, Finance
|
Judicial Authorities
|
Identity, Contact Details
|
Mail, cargo or courier companies
|
Identity, Risk Management
|
Publicly available sources such as media reports
|
If you provide us with personal data about other people (such as your family) or ask us to share their personal data with third parties, you should confirm that they are duly informed about this Clarification Text with respect to the use of their personal data and that they understand the information contained herein.
Legal Grounds and Purposes of Processing Personal Data
|
|
|
PERSONAL DATA CATEGORY
|
PURPOSES OF PROCESSING
|
LEGAL GROUNDS
|
Identity, Contact Details, Finance, Customer Transaction, Risk Management,
|
· Fulfilment of obligations and responsibilities regarding payment services provided within the scope of field of activity of our Company,
|
· It is directly related to the conclusion or performance of the contract,
· It is mandatory for the fulfilment of our legal obligations.
|
· Identification and confirmation of your identity and demographic information,
· Ensuring that payment service user information is verified and up-to-date,
· Prevention of counterfeiting / fraud,
· Storing and reporting the information requested by public institutions such as MASAK, CBRT, RA and similar public institutions that we are obliged to provide information, and meeting the information and document requests of these institutions,
· Validly Conclusion of the Payment Service Agreement (Framework Agreement)
· Opening and maintenance of user account,
· Conversion of the payment account into a verified account and contracted account,
· Transferring and loading money to the account,
· Refunding money to the user,
· Notification and promotion of campaigns and products within the scope of the services offered by the organization, advertising activities, customer relationship management activities for these purposes,
· Conducting business models and marketing analysis studies and business development activities,
|
· It is explicitly stipulated in the laws,
· It is directly related to the conclusion or performance of a contract,
· It is mandatory for the fulfilment of our legal obligations.
|
Identity, Contact Details, Finance, Customer Transaction, Risk Management, Legal Transaction, Physical Space Security
|
· Conducting risk analyses,
· Management of risk management and information security processes,
· Carrying out Internal Audit / Investigation / Intelligence activities,
· Carrying out storage and archiving activities,
|
· It is explicitly stipulated in the laws,
· It is mandatory for the fulfilment of our legal obligations.
|
· Following up legal affairs,
· Following up requests and complaints,
· Management of legal affairs,
· Obtaining parental/legal representative consent for minors.
|
· If data processing is mandatory for the establishment, exercise or protection of a right.
|
· Designing the business processes and activities of the company, planning and executing the operational processes and purchasing operations,
· Management of relationships established with support service/external service providers, business partners or suppliers, executing after sales support/external services,
|
· Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
· It is mandatory to process the personal data for the legitimate interests of the Company without prejudice to the fundamental rights and freedoms of the data subject.
|
Finance, Identity, Contact Details, Customer Transaction
|
· Fulfilment of budget and financial reporting processes.
|
· It is mandatory to process the personal data for the legitimate interests of the Company without prejudice to the fundamental rights and freedoms of the data subject.
|
Finance, Identity, Contact Details, Customer Transaction, Physical Space Security
|
· Receiving and evaluating suggestions for the improvement of business processes,
· Increasing the quality of the products and services we offer to our customers,
· Carrying out customer satisfaction studies with respect to the processes of our company.
|
· It is mandatory for the fulfilment of our legal obligations,
· It is mandatory to process the personal data for the legitimate interests of the Company without prejudice to your fundamental rights and freedoms.
|
Finance, Contact Details, Identity, Customer Transactions
|
· Conducting analyses during the execution of strategy studies in order to meet the expectations of our customers and improve our services,
|
· It is mandatory to process the personal data for the legitimate interests of the Company without prejudice to your fundamental rights and freedoms.
|
Identity, Contact Details
|
· In domestic money transfer transactions (sending / receiving), sharing information with our business partners, banks, intermediary institutions / financial institutions to ensure the realization of the transaction,
· In foreign money transfer transactions (sending / receiving), sharing information with our business partners, banks, intermediary institutions / financial institutions to ensure the realization of the transaction.
|
· Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
· It is mandatory to process the personal data for the legitimate interests of the Data Controller without prejudice to the fundamental rights and freedoms of the data subject.
|
Transfer of Personal Data
In cases required by the legislation and permitted by you, your personal data may be shared with and disclosed to third parties and organizations for the purposes set out in this Clarification Text by ensuring that all necessary technical and administrative measures are taken to ensure the appropriate level of security as per KVKK and other relevant legislation. Although these persons and organizations may change depending on the changes to be made in the relevant legislation, they are generally the following parties. Your personal data are transferred to the following parties for the following purposes and legal grounds:
PERSONS/ORGANIZATIONS TRANSFERRED
|
PURPOSE OF TRANSFER
|
LEGAL GROUNDS
|
Public institutions and organizations and judicial authorities legally authorized to receive information
|
For legal reasons such as legal reporting, carrying out regulatory and auditing activities, handling complaints and legal processes etc.
|
· It is explicitly stipulated in the laws,
· It is mandatory for the fulfilment of our legal obligations.
|
Foreign intermediary institutions/financial institutions (You can find detailed information on contracted foreign organizations and which personal data are subject to transfer to abroad in line with existing agreements from the list included at the end of the Clarification Text).
|
Sharing information to ensure the realization of the transaction in foreign money transfer transactions (sending/receiving)
|
· In case of existence of your explicit consent
|
Support service/foreign service corporations, suppliers, law firms, service provider business partners authorized as data processors, public and private financial institutions, banks.
|
Providing support and consultancy services to the company,
Realization of transactions made through the domestic wallet (money transfers from the wallet, money transfers to the wallet).
|
· It is mandatory for the fulfilment of our legal obligations,
· Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract.
|
Your Rights
As per the provisions of KVKK, you may exercise the following rights by applying to İst-pay:
- to learn whether personal data are processed or not,
- to demand for information if personal data have been processed,
- to learn the purpose of the processing of personal data and whether these personal
data are used in compliance with the purpose,
- to know the third parties to whom the personal data are transferred at home or abroad,
- to request the rectification of the incomplete or inaccurate data, if any,
- to request the erasure or destruction of the personal data,
- In case of correction, deletion or destruction of personal data, to request notification of these transactions to third parties to whom personal data are transferred,
- to object to the occurrence of a result against himself/herself by analyzing the data processed solely through automated systems,
- to claim compensation for the damage arising from the unlawful processing of the personal data.
Storage, Protection and Destruction of Personal Data
Your Personal Data will be stored for the period required by law as long as it is appropriate for the purposes of collection. We act in accordance with the criteria that we determine for the retention periods specific to personal data categories. We take all necessary technical and administrative measures within the scope of KVKK legislation by taking measures against unauthorized access to your personal data, incorrect processing, unauthorized disclosure, unlawful alteration or deletion of the personal data. In the event that your personal data is intercepted/disclosed as a result of attacks on our company's servers and/or other systems, our company will immediately inform you and the Personal Data Protection Authority as soon as possible. If the relevant period expires, your personal data will be deleted, anonymized or destroyed.
You can submit your requests regarding your rights and the implementation of the Law by filling out the application form available at https://www.ist-pay.com or by filling out the application form that you can obtain from us or with the methods that meet the minimum requirements written below;
- Your application with wet signature via notary public to "Esentepe Mah. Büyükdere Cad. No: 173 1. Levent Plaza A Blok Kat:10 Şişli/İstanbul", by registered mail with return receipt requested or in person at your own discretion.
- By sending your application via e-mail to istanbulodeme@hs01.kep.tr using the registered electronic mail (KEP) address assigned to your name;
- By sending an e-mail to kvkk@ist-pay.com using the e-mail address notified by you to the company and registered in the company system.
If a written response is to be given, İst-pay will respond to the requests within this scope within thirty (30) days without charging a fee for the requests up to ten pages and by charging a transaction fee of 1 Turkish lira for each page for the requests exceeding ten pages. If the response to the application is given in a recording medium such as CD, flash memory, then the fee that may be requested by the Company shall not exceed the cost of such recording medium.
In the application that you are entitled to make as a personal data owner and that you will make to exercise your rights mentioned above and that includes your explanations regarding the right you request to exercise; the subject matter of your request must be clear and understandable, the subject matter that you request must be related to you in person or if you are acting on behalf of someone else, you will be required to submit your special power of attorney certified by a notary public.
As per the "Communiqué on the Procedures and Principles of the Application to the Data Controller", it is mandatory to include name-surname, signature, Turkish ID number (nationality, passport number or ID number, if any, for foreigners), residential or workplace address for notification, e-mail address, telephone and fax number, and the subject of the request in your applications. Applications that do not contain such elements will be rejected by İst-pay or directed to valid application channels.
All registered or unregistered intellectual property rights such as title, business name, trademark, patent, logo, design, information and method contained in this Website belong to the site operator and owner company or the person concerned and are under the protection of national and international laws. Visiting this Website or using the services on this Website does not confer any rights about the intellectual property rights.
The information contained on the Website may not be reproduced, published, copied, presented and/or transferred in any way. The Website may not be used, in whole or in part, on any other website without prior permission.
All İst-pay employees are equipped with awareness trainings on the Personal Data Protection Law, are periodically informed and have the notion of confidentiality. İst-pay acts with awareness and sensitivity in all activities carried out by İst-pay and in the life cycle of personal data within the Company.
İst-pay always reserves the right to make changes in this Disclosure Text for the reasons arising from the Law, secondary regulations and decisions of the Personal Data Protection Board. It is not necessary to make any prior notification before to the updates to be made from time to time due to operational requirements and it includes all services and products, pages, information and visual elements.
İSTANBUL ÖDEME VE ELEKTRONIK PARA A.Ş.
CUSTOMER CLARIFICATION TEXT AND EXPLICIT CONSENT FORM WITHIN THE SCOPE OF
PERSONAL DATA PROTECTION LAW NO: 6698
As we, Istanbul Ödeme Ve Elektronik Para A.Ş., have stated in the "Istanbul Ödeme Ve Elektronik Para A.Ş. Customer Clarification Text Regarding Money Sending and Receiving Transactions within the Scope of Personal Data Protection Law No: 6698 (KVKK) within the scope of Istanbul Ödeme Ve Elektronik Para A.Ş. within the Scope of Personal Data Protection Law No: 6698 (KVKK)" that we have presented to you regarding the processing and transfer of your personal data, some of your personal data may be transferred abroad only within the scope of your explicit consent. This text has been prepared to inform you about our personal data transfer processes within the scope of your explicit consent. First of all, we would like to state that you are not obliged to give your explicit consent for the processing of your personal data specified in the processes below. Please tick the box "I have read the Clarification Text within the scope of Law No: 6698. I hereby agree and declare that I give my explicit consent to the personal data to be transferred within the scope of my explicit consent." for matters that you give your explicit consent. Your personal data regarding the processes that you don’t give your explicit consent will not be transferred.
In case of your explicit consent;
As Istanbul Ödeme Ve Elektronik Para A.Ş., your personal data specified to be transferred within the scope of your explicit consent in the Clarification Text for the processing and transferring your personal data will be shared with foreign intermediary institutions/financial institutions (in line with existing agreements with contracted foreign institutions) when necessary by taking all necessary administrative and technical protection measures for the purposes below:
- Sharing information with intermediary institutions/financial institutions with which we cooperate in order to ensure the realization of the transaction in foreign money transfer transactions (sending/receiving),
- Execution of service processes,
EXPLICIT CONSENT FORM
I have been duly informed by Istanbul Ödeme Ve Elektronik Para A.Ş. regarding the processing and transfer of my personal data in accordance with the Personal Data Protection Law No: 6698 and additional legislation.
Regarding the transfer of my personal data specified below, I hereby agree and declare to give my;
- Explicit consent to the transfer of my identity information,
- Express consent to the transfer of my contact details.
Identity of the Data Controller
Website : https://www.ist-pay.com/
Telephone Number : 0850 480 99 99 / 105
E-Mail Address : musteridestek@ist-pay.com
Address : Esentepe Mah. Büyükdere Cad. No: 173 1. Levent Plaza A Blok Kat:10 Şişli / İstanbul