Protection of Personal Data
Information Note for Clients Regarding Protection and Processing of Personal Data
OYAK GRUP SİGORTA ve Reasürans Brokerliği Anonim Şirketi (“OYAK Brokerlik” or “Organization”) aims processing of personal data of its real person clients pursuant to the provisions of the Personal Data Protection Law no. 6698 (“PDP Law”) and other legislation. This Information Note hereby aims maintaining and improving the activities of our Organization in line with the principles available in the PDP Law.
We would like to inform you that your personal data, which you have provided/will provide to our Organization since that you are a real person client of our Organization and/or obtained by our Organization through any means may be recorded, stored, retained, reorganized, shared with the organizations legally authorized to request such personal data, and transferred and assigned to third parties located in domestic or at abroad, classified, processed in other ways set out in the PDP Law and subjected to the other procedures set out in the PDP Law by our Organization as the “Data Controller”
- within the scope of the purpose requiring the processing of your personal data and by being connected, limited, and restrained with this purpose,
- by maintaining the accuracy and most current version of the personal data as you have provided to our Organization or being provided to our Organization.
2. Collection of Personal Data and Collection Method
Our Organization will process your personal data only pursuant to the purposes set out in this Information Note. In case of any change in the purpose of processing your personal data, you will be notified about the situation and a separate permission will be obtained from you in case required by the law.
Personal data of the clients particularly collected and used by our Organization are:
|Content of Personal Data|
|Identity Data||Information on documents such as driver’s license, identity card etc. containing information including name and surname, T.R. ID no., tax ID no., nationality, mother’s and father’s name, place and date of birth, gender, as well as signature/ initials details, name and surname of the insured, insurance holder, and applicant insured.|
|Communication Data||Phone number, fax number, mailing address information, country, city, email address (including extension and corporate email), insurance holder’s name and surname, address information.|
|Client Transaction Data||Records for the use of products and services and information such as instructions and demands required from the client for the use of products and services, trade registry number, survey reports, client number, contract numbers, transaction date, Insurance Application Form, relevant healthcare provider, official correspondences, damage status, information related to damage status, etc.|
|Philosophical belief, Religion, Denomination and Other Beliefs||Religion|
|Physical Place Security Data||Personal information related to the records and documents obtained while entering physical place and inside physical place during stay; camera footages, fingerprint records and records taken at the security point, etc.|
|Financial Data||Information such as bank name, IBAN information, account number, Credit Card Information, Policy’s gross/net premium amount, check information, indemnity premium amount.|
|Employment Data||Information such as job and professional information, income range, social security type, profession name, educational status.|
|Location Data||Information such as address information, certificate of residence, risk address, risk location, mailing address, region name.|
Your personal data are collected from all kinds of information and document submitted to our Organization both before and after forming a contractual relationship or during a contractual relationship, or obtained physically or electronically from public institutions and organizations and third parties under conditions set out in the law and through cameras we placed to Organization premises for security purposes.
3. Processing Purposes and Legal Reasons
Legal basis on processing of your personal data is to fulfil the legal obligations and requirements including, but not limited to, Insurance Law, Private Health Insurance Regulation, Insurance Support Services Regulation, Turkish Commercial Code, Turkish Code of Obligations,the Law on Prevention of Laundering Proceeds of Crime.
For the purposes of making a contract and carrying out offer processes, your personal data is processed in particular for, including but not limited to, carrying out offer processes, carrying out loss processes for all individual and corporate insurance policies, making current card transactions, carrying out all personal and corporate insurance (individual, life, automobile insurance, etc.) processes, carrying out performance report processes, keeping customer interviews, carrying out OYAK Health Platform/OYAK Platform application processes, carrying out all individual and corporate insurance renewal processes, carrying out invoicing processes, and notifying the authorized public institutions and organizations, etc.
Your personal data will be retained for a reasonable period of time, which is set out in the relevant legislation or which will last until the purpose of processing ceases to exist, but no longer than the statutory period of limitation.
4. Transfer of Personal Data to Third Parties
For the purposes stated above, your personal data may be transferred to authorized public institutions and organizations, the relevant suppliers of our Organization, business partners, affiliates and subsidiaries, and fund founders in order to fulfil legal obligations and contractual requirements including, but not limited to, Insurance Law, Private Health Insurance Regulation, Insurance Support Services Regulation, Turkish Commercial Code, Turkish Code of Obligations,the Law on Prevention of Laundering Proceeds of Crime.
5. Keeping Personal Data Secured and Confidential
Pursuant to article 12 of the PDP Law, our Organization takes all necessary technical and administrative measures to prevent the relevant personal data from being processed and accessed unlawfully, and to ensure an appropriate level of security for protecting the personal data being processed. In the event that the processed personal data is obtained by others through illegal means, our Organization shall notify the relevant data owner and the Personal Data Protection Authority as soon as possible.
6. Deletion, Destruction, and Anonymization of Personal Data
Pursuant to article 7 of the PDP Law, despite the fact that personal data is processed in accordance with the relevant legislation, personal data is deleted, destructed or anonymized by our Organization directly or upon the request of the data subject in case the reasons requiring the processing of personal data cease to exist.
Procedures and methods related to this shall be carried out according to the PDP Law, as well as the secondary legislation to be established based on this Law.
7. Rights of the Client
Pursuant to article 11 of the PDP Law, you can apply to our Organization to make requests on the following related to your personal data:
- Learning whether your personal data has been processed,
- If processed, requesting information related to your personal data,
- Learning the purpose of processing of the personal data and checking whether the personal data is used in accordance with the purpose,
- Learning about the third parties in domestic or at abroad where the personal data is transferred to,
- In the event of the Personal Data processed deficiently or erroneously, then requesting a correction regarding such data and a notification to the third parties, which the personal data has been transferred to, to inform them about the procedure in this context,
- In the event of the reasons requiring the processing of personal data cease to exist, then requesting the deletion, destruction or anonymization of the personal data, and requesting a notification to the third parties, which the personal data has been transferred to, to inform them about the procedure in this context,
- Raising objection against any result to your detriment by analysing the processed data exclusively through automatic systems,
- Demanding indemnification of the losses in case of incurring any loss due to unlawful processing of the personal data.
Our Organization shall fulfil your requests, arising from the PDP Law, through “Relevant Person Application Form”. Our Organization shall conclude your application requests free of charge according to the nature of request and latest within 30 (thirty) days pursuant to article 13 of the PDP Law. In the event of the request is rejected, then you shall be notified in writing or electronically about the reason(s) of rejection.
This Information Note may be revised by our Organization when considered as required. In the event of any revision, you shall be notified about the matter.