Financial Health
Search History
      Suggested Results

        Information About Risk Group

        General Scope of the Law

        As LYCA P. B.., we are referred to as "Data Controller" in the Law No. 6698 on the Protection of Personal Data. For the purposes of the law, "data processing" means any operation, which is performed on personal data, such as collection, recording, retention, storage, updating, classification, disclosure to third parties to the extent allowed by the legislation, or transfer to third parties, whether using fully- or partially-automated methods, or with non-automated methods, provided that it is a part of a data filing system.

        You can access our Bank’s detailed explanation about the Protection of Personal Data from this link.

        Why and for which purpose do we use your personal data if you are in a risk group?

        You, your spouse and children, the undertakings where the aforementioned are members of board of directors or general manager, or the undertakings which they or a legal person controls individually or jointly, directly or indirectly or participates with unlimited responsibility; a bank’s qualified shareholders, board members and general manager, as well as the undertakings they control individually or jointly, directly or indirectly or participate with unlimited responsibility, or where they are members of board of directors or general manager; and natural and legal persons that have surety, guarantee or similar relationships where the insolvency of one will lead to the insolvency of the other constitute a risk group.

        In addition to the foregoing, other natural persons and legal entities to be included in the scope of the risk group are determined by the Banking Regulation and Supervision Agency.

        Our Bank may process your personal data, even if you are not our customer, for the purpose of determining, monitoring, reporting and inspecting the risk group you will be included in, with a view to determining the limits of the loan to be extended to a particular risk group under the banking legislation.

        With whom do we share your personal data?

        We may share your personal data with persons or entities permitted by the Banking Law and the legislation, public legal entities such as the Banking Regulation and Supervision Agency, our main shareholder, and other institutions from whom we procure services and with whom we cooperate for conducting our banking activities.

        Where can we access your personal data?

        Your personal data may be collected verbally, in writing or via electronic media through the Head Office, Branch Offices and services provided by the public authorities.

        What are your rights under the Law?

        At any time you may apply to our bank, and

        • learn whether your personal data are processed or not, for which purpose they are processed and whether they are used for the intended purpose, and if processed, request information on this processing operation;
        • learn the third parties with whom your data is shared in the country and abroad in accordance with the law;
        • request correction of your data if you believe that they were processed incompletely or inaccurately;
        • request deletion or destruction of your data in accordance with the terms and conditions set forth in Article 7 of the Law;
        • request that third parties to whom your data were transferred be notified of your requests set forth in the third and fourth subparagraphs above, and request them to perform the same procedures;
        • file an objection against an outcome which is against your interest as a result of analysis of the processed data with automated systems, or if you believe that they were recorded or used unlawfully and have thus incurred damages, you may request indemnification for your damages.

        If the application you filed for the foregoing purposes requires additional expenses to be incurred, you may need to pay the price indicated in the tariff to be determined by the Personal Data Protection Board. Your requests specified in your application will be concluded as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request.

        You may communicate your applications for exercising your rights under the law to our branches in writing, and visit the webpage of the Personal Data Protection Board for detailed information.

        Kind Regards,