Public Disclosure Text On Protection Of Personel Data
AK PORTFÖY YÖNETİMİ A.Ş.
INFORMATION TEXT ON PERSONAL DATA PROTECTION
We, as AK Portföy Yönetimi A.Ş. (“Ak Asset Management”), act in the capacity of data controller and take the necessary measures during the storage, processing and transfer of your personal data in accordance with the Law No. 6698 on the Protection of Personal Data ("PDPL") and the principle of privacy and protection of fundamental rights and freedoms of individuals.
We have prepared our Disclosure Text on the Processing of Personal Data ("Disclosure Text") in order to inform the relevant data subjects about the processing, storage and transfer of your personal data within the framework of PDPL and legal regulations. On this page, you can access information about us as the data controller, the purpose for which personal data will be processed, to whom and for what purpose data may be transferred, the method and legal reason for collecting personal data, and all information about your rights listed in the PDPL.
Amendments may be made in the Disclosure Text as necessary. The amendments shall become effective upon publication.
OUR PURPOSES FOR PROCESSING YOUR PERSONAL DATA AND REASONS FOR COMPLIANCE WITH THE LAW
As Ak Asset Management, our processing purposes, data categories and legal reasons regarding the processing, storage and transfer of your personal data within the framework of our activities pursuant to the Capital Markets Law No. 6362 are detailed in the tables below.
| Data Category Processed | Purposes of Processing | Legal Reasons for Processing Personal Data |
| Finance, Communication, Identity, Customer Transaction, Professional Experience, Risk Management | Within the scope of the Capital Markets Law No. 6362 and related legislation, managing portfolios consisting of capital market instruments as a proxy holder based on the portfolio management contract concluded with our customers and performing capital market activities |
It is directly related to the conclusion or performance of the contract,
It is mandatory for the fulfillment of our legal obligation |
| Finance, Communication, Identity, Customer Transaction, Risk Management | Updating the information of our customers, sending monthly account statements to our customers, realizing the transfer of capital market instruments and cash assets | |
| Finance, Communication, Identity, Audiovisual Records, Professional Experience, Customer Transaction, Risk Management | Monitoring of finance and/or accounting affairs, fulfillment of budget and financial reporting processes |
It is explicitly stipulated in the law,
It is mandatory for the fulfillment of our legal obligation |
| To record the identity, address, tax number and other similar information in order to record the information for identifying the owner and addressee of all kinds of business and transactions to be carried out in electronic or paper environment and to organize the information and documents which will be the basis of the transactions | ||
| Finance, Communication, Identity, Audiovisual Records, Professional Experience, Customer Transaction, Risk Management, Criminal Conviction | Complying with information retention, reporting and disclosure obligations requested by public institutions and judicial authorities (Central Registry Agency (MKK), Financial Crimes Investigation Board (MASAK), Turkish Capital Markets Association (TCMA), Borsa Istanbul A.Ş. (BIST), Takasbank, Revenue Administration (GİB), Banking Regulation and Supervision Agency (BRSA), Capital Markets Licensing Registry and Training Agency (SPL), Custodian Institution, courts) | |
| Finance, Communication, Identity, Professional Experience, Customer Transaction, Marketing | Performing efficiency analysis of our commercial activities, and determining and implementing commercial and business strategies accordingly | It is mandatory to process your data for our legitimate interest, provided that it does not harm your fundamental rights and freedoms |
| Finance, Audiovisual Records, Legal Action, Communication, Identity, Professional Experience, Customer Transaction, Risk Management | Reporting suspicious transactions to the Financial Crimes Investigation Board in order to prevent money laundering, implementing Know Your Customer principles, managing Anti-Money Laundering processes |
It is explicitly stipulated in the law,
|
| Executing and auditing risk management and information security processes | ||
| Fulfillment of internal control, reporting and oversight activities | ||
| Finance, Audiovisual Records, Legal Action, Communication, Identity, Professional Experience, Customer Transaction, Risk Management |
Comparing the customer database with international banned persons lists during customer acquisition as well as at certain intervals on a periodic basis
|
|
| Finance, Communication, Identity, Audiovisual Records, Legal Action, Professional Experience, Customer Transaction | Recording and evaluating customer feedback (suggestions, requests, complaints) submitted to our company, sharing them with the relevant units according to the case analysis, making improvements and providing feedback to the relevant person | In case data processing is mandatory for the establishment, exercise or protection of a right |
| Finance, Communication, Identity, Professional Experience, Customer Transaction, Marketing | Carrying out information, promotion and advertising activities about new products and projects | If you have given your explicit consent |
| Conducting surveys to maintain customer satisfaction and informing them | ||
| Conducting marketing analysis and modeling studies in order to offer all products and services offered by our Company to our customers in a customized manner |
Your personal data is processed by Ak Asset Management ("Our Company") as the Data Controller for the purposes stated above and in accordance with the articles of PDPL.
DATA CONTROLLER AND DATA PROCESSOR
Data Controller
The data controller is the real or legal person determining the purposes and methods of processing personal data and is responsible for the establishment and management of the data recording system. At this point, our Company is the Data Controller in terms of the data of our customers, visitors and employees.
Information about our Company acting as the Data Controller is provided below.
| Title | AK PORTFÖY YÖNETİMİ A.Ş. |
| Address | Sabancı Center Kule:2 Kat:12 4. Levent 34330 Beşiktaş - İSTANBUL |
| Mersis / Registry No. | 0011018353900012 / 440689 |
Data Processor
Data processors are real or legal persons who process data on behalf of the data controller. These persons may also be a separate real or legal person authorized by the data controller to process personal data.
As Ak Asset Management, we may authorize third parties as data processors in order to fulfill the obligation to disclose in the collaborations we establish. Information provided by data processing companies represents the processes of our Company.
YOUR PERSONAL DATA AND METHODS OF COLLECTION
In order to fulfill the purposes specified in this text, your data is collected:
- Directly during the establishment of your legal relationship with our company,
- Through official and authorized institutions and organizations (Takasbank, MASAK, Central Registry Agency, Identity Sharing System (KPS), Capital Markets Board (CMB), Capital Markets Licensing Registry and Training Organization (SPL), Revenue Administration (GİB)),
- Through our Company's parent company, subsidiaries of the parent company and related parties of the parent company,
- By real or legal third parties from whom our Company receives or provides services to,
- Through the cookies used on our website,
- Through the mobile channel,
- Through the Call Center
. Data may be collected automatically or partially automatically by our Company from verbal, written or electronic media outside our Company or may be obtained by non-automatic means provided that it is registered in any data recording system. Necessary precautions are taken within the framework of the legislation to ensure the confidentiality and security of such personal data.
Personal data processed by our Company are categorized and explained in the table below to help you gain more detailed information.
Your Personal Data:
| Personal Data Category | Personal Data |
| Identity | Name-Surname, TR ID No, gender, nationality, place of birth, date of birth, marital status |
| Contact | Email address, home/work address, phone number |
| Finance | Bank account number, IBAN number, financial performance information, credit and risk information, income information, asset information, reporting data |
| Risk Management | Salary information, asset-income information, employment type, working time, data obtained from KPS and APS, information processed for the management of commercial, technical and administrative risks such as Credit Reference Agency and The Banks Association of Türkiye Risk Center Data. |
| Customer Transaction | Customer data bank ("CDB") information, request information |
| Audio and Visual Recordings | Call center voice recordings, camera recordings, headshots |
| Legal Action | Information in the correspondence with judicial authorities, Information in case files |
| Marketing | Cookie registries, pages viewed through the Ak Asset Management website, surveys, information obtained through campaign work |
| Professional Experience | Diploma information, courses attended, vocational training information, Certificates, Transcript information, workplace, type and duration of employment |
TRANSFER OF PROCESSED PERSONAL DATA AND RECIPIENT ORGANIZATIONS
In accordance with Articles 8 and 9 of the Law on the Protection of Personal Data, personal data may be transferred without explicit consent provided that the data processing purposes meet the conditions specified in paragraph 2 of Article 5 . The transfer of data processed with explicit consent is also carried out with the explicit consent of the data subject.
Within the framework of the Capital Markets Law and its sub-regulations, your personal data held by our Company may be transferred within the scope of the organizations and purposes defined in the table below in order for our company to be able to deliver services to you or to improve these services based on the authorization certificates we have.
Personal data regarding the determination of access information such as the identity and address of the customer in the legal regulations and their storage within the legal periods, as well as the regulations regarding the storage of information, reporting and information obligations stipulated by the legal authorities, are recorded, stored, maintained, classified, updated in our systems by our Company as the Data Controller and transferred to domestic/foreign third parties due to legal requirements and / or the requirements of the fulfillment of the service we operate in, or may be processed in the ways listed in the LPPD.
You can find detailed information about the organizations with whom your personal data is shared and the purposes of sharing with these organizations in the table below.
| Organizations | Purposes |
| Domestic/foreign persons, institutions or organizations required or permitted by the provisions of the Capital Markets Law and other Laws and Legislation | To be able to offer the products and services you receive from our company |
| Program partner institutions, organizations, domestic/foreign intermediary institutions (Banks and intermediary institutions) from whom we receive services or cooperate to carry out our capital market activities | To establish, operate and terminate the service relationship with the customer and to meet the products and services received by our customers |
| Custodian institutions (Akbank T.A.Ş., Ak Yatırım, Takasbank, Menkul Değerler A.Ş.) | To store and/or keep records of financial assets, verify and track the ownership of other assets, keep records, control the fulfillment of transactions related to asset and cash movements |
| Public legal entities authorized by law to receive personal data (e.g. BRSA, CMB, CBRT, MASAK) | To carry out risk management, risk monitoring activities and legal reporting, to carry out regulatory and audit activities, to handle complaints and legal processes |
| Related parties (parent company, subsidiaries of the parent company, related parties of the parent company) | To provide the requested asset management products and services, to establish, operate and terminate the service relationship with Clients, to perform risk management and internal audit activities |
| External service providers, independent audit companies, law firms | To be able to receive support and consultancy services for our Company |
RIGHTS OF THE RELEVANT PERSON WHOSE PERSONAL DATA IS PROCESSED
In accordance with the provisions of the LPPD, you may exercise the following rights by applying to Ak Asset Management:
- Learn whether their personal data are processed or not,
- Request information if their personal data are processed,
- Learn the purpose of processing the personal data and whether they are used in compliance with the respective purpose,
- Know the third persons to whom their personal data are transferred at home or abroad,
- Request the rectification of the incomplete or inaccurate data, if any,
- Request deletion or destruction of personal data,
- In case of correction, deletion or destruction of personal data; to request notification of these transactions to third parties to whom personal data are transferred,
- Object to any unfavorable circumstances arising from the exclusively processed data by means of automatic systems,
- Request compensation for the damage arising from the unlawful processing of their personal data.
You may contact our Company through the channels mentioned below if you wish to submit your requests within this scope or withdraw the Explicit Consent you have given. The submitted requests will be finalized by Ak Asset Management free of charge within thirty days at the latest. However, if a fee is stipulated by the Personal Data Protection Board, our company may charge for the fee in the specified tariff.
Pursuant to the Article 11 and Article 13/Paragraph 1 of the PDPL and the Communiqué on the Procedures and Principles of Application to the Data Controller, you may submit your requests regarding these rights;
- By presenting in person to our institution at the address of Sabancı Center Kule 2 Kat:12 4. Levent Beşiktaş/ISTANBUL,
- Through our registered electronic mail (REM) address akportfoy@hs01.kep.tr,
- Through a notary public, registered letter with return receipt requested or the approved "Data Subject Request Form" available on our website in order to determine your identity and not to provide information to the wrong persons, or
- By sending an e-mail to info@akportfoy.com.tr by using a secure electronic signature, mobile signature or (if available) via the e-mail address notified by you to our institution and registered in our systems.
Your application must include the following:
- Name, surname and signature if your application is in writing,
- Turkish identity number for the citizens of Turkish Republic while for foreign people, nationality, passport number or identity number, if available,
- Address of residential area or place of business for notification,
- Electronic mail address, telephone and fax number for notification, if available,
- Subject of the request.
You must also attach the relevant information and documents to your application.
Personal Data Protection and Privacy Policy: PDPL Data Subject Request Form: