PRIVACY NOTICE ON THE PROTECTION OF PERSONAL DATA
This Privacy Notice has been prepared in order to inform you about the scope of the fulfilment of our legal obligations arising from the relevant legislation within the framework of Article 10 of the Law and the Communique on Principles and Procedures to be Followed in Fulfilment of the Obligation to Inform, since we, as Aksigorta Anonim Şirketi ("Company" and/or "Aksigorta"), have the title of Data Controller within the scope of the Personal Data Protection Law No. 6698 ("Law").
1. In General
Our Company processes the personal data belonging to you, our individual customers or corporate customer officials ("Customer"), our prospective customer or prospective corporate customer officials ("Prospective Customer") and Aksigorta.com.tr ("Our Website") visitors in accordance with the provisions of the Constitution of the Republic of Türkiye, the Law and the relevant legislation within the scope of the purposes detailed below. As it has been until today, your personal data will be processed in connection with and in proportion to our field of activity and service purposes, provided that they are not used outside the purposes and scope specified in this Privacy Notice, in cases permitted by the Law by taking information security measures, if necessary, they may be transferred to third parties in accordance with the legislation and will be stored for periods in accordance with the legislation.
This Privacy Notice may be updated by our Company in the event of changes in the Law, and regulations regarding the processing of personal data and/or changes in the purposes and reasons for processing your personal data or similar developments. In such cases, the updated version of the Privacy Notice will be published on our Company's website.
Detailed information regarding the purposes for which your personal data is processed by our Company and for which purposes it is transferred to third parties is provided below. You can find detailed information about the business partners with whom Aksigorta shares your personal data here.
2. Collection Means and Legal Bases for Processing Personal Data
2.1. Collection Means
Your personal data and your special categories of personal data, limited to health data, may be collected verbally, in writing or electronically through various means, primarily Aksigorta website, in order for you to benefit from the services offered by our Company, although it may vary depending on the insurance product offered. In this context, your personal data can be collected by our Company through third parties such as insurance companies, agencies, brokers, online applications, application forms, call centre, e-mail/help screen, service/product supply companies, contracted health institutions, public institutions and organisations authorised in accordance with the Insurance Law No. 5684 and the relevant legislation, and databases permitted by the legislation.
Aksigorta may also process the personal data you provide through social media platforms (Facebook, Twitter, Instagram and Youtube channels). The confidentiality and usage policies of the relevant platform are valid for the content provided by the relevant social media platforms.
In addition to these, Aksigorta also collects personal data through cookies on its website. For more detailed information on cookies, please see Aksigorta Cookie Policy.
2.2. Legal Bases
Your personal data collected by Aksigorta, although it may vary depending on the insurance product offered; In accordance with Article 5/1 of the Law, it is processed by automatic and non-automatic means in case of your explicit consent or based on the legal bases listed in Article 5/2 of the Law.
In addition, in cases where it is necessary for you to benefit from the services offered by Aksigorta, your special categories of personal data, limited to health data, may be processed based on your explicit consent pursuant to Article 6/3 of the Law or on the legal bases that it is expressly stipulated in the law or is mandatory for the establishment, exercise or protection of a right. The legal bases on which your personal data are processed are detailed in the table below.
3. Processed Personal Data, Purposes of Processing and Legal Bases
3.1. Personal Data Processed
Your personal data processed by our Company may vary depending on the products and/or services you receive from Aksigorta and the nature of the legal relationship established with you. However, in general terms, the personal data we process are as follows (you can access the privacy notice prepared for the insurance product on our website):
Identity Information: Name-surname, Turkish ID number/foreign ID number, nationality, date of birth, gender, driving licence information, passport information, father's name, mother's name, age, date of death.
Contact Information: Telephone number, fax, mobile phone, e-mail, NVI address, social media contact information.
Occupational Experience Information: Occupation, occupation code, specialisation information, type of educational registration, assistantship information.
Physical Information: Height, weight.
Legal Proceeding Information: Information on correspondence with judicial authorities, and information on the case file.
Customer Transaction Information: Policy number, addendum number, policy commencement date, policy end date, risk address, insured information, name of the agency, call centre records, and claim information.
Financial Information: Credit/debit card information, account holder, account details, IBAN number.
Transaction Security: Customer information, IP addresses, passwords and passcodes required to access electronic insurance channels.
Marketing Information: Targeting information, cookie records, information derived from data enrichment activities, information and evaluations obtained as a result of surveys, campaigns and direct marketing activities.
Special Categories of Data: Health data such as general health information, current disease/complaint/treatment information, harmful substance uses habits, pregnancy information, x-ray results, laboratory results, and body mass index.
Other Information: Proximity information with the insured, spouse ID number, adult child ID number, relatives who can benefit from the insurance coverage, vehicle information, licence plate information, physical location security information (entry/exit records, visit information, photographs and camera records.
3.2. Purposes of Processing and Legal Bases
|
Data Category |
Purpose of Processing |
Legal Basis |
|---|---|---|
|
Identity Information |
Submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, performing current reconciliation and collection transactions, carrying out addendum transactions, collecting policy premiums by credit card, creating accounting records, appointing claim adjusters and appraisals, providing assistance services, creating policy proposals, conducting damage investigations, preparing damage files and reconciliation of payment as a result of damage, monitoring of uncertain damage files, making and following up subrogation claims against insurance companies and third parties, evaluating and responding to subrogation claims submitted by insurance companies and third parties, providing services within the scope of the insurance contract to third parties who are the beneficiaries or interested parties of the insurance contract, carrying out communication activities, informing through communication tools regarding the policy proposal, execution of the insurance contract you have signed with our agencies, identification of the transactor, execution of insurance reinsurance and coinsurance processes. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Identity Information |
Ensuring the security of payment information, making bank payments, querying policy information of the insured through Aksigorta systems, conducting call centre activities, evaluating customer requests, suggestions and complaints, verifying the phone number, conducting internal audit activities, creating requests via the "Ada Recieve Proposal" page, creating records via the "Corporate Customer Registration Form", creating records with the "Unclaimed Funds Form", informing our agencies, authorised persons, institutions and organisations, carrying out contract processes, carrying out risk management processes, monitoring and executing legal affairs, managing risk assessment processes in accordance with the Insurance Legislation. |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Identity Information |
Conducting marketing, advertising and campaign processes, managing commercial electronic message permissions in accordance with the obligations arising from Law No. 6563 on the Regulation of Electronic Commerce and the secondary legislation ("Electronic Commerce Legislation"), |
Explicit consent (Art. 5/1 of the PDPL). |
|
Identity Information |
Carrying out customer satisfaction surveys and interviews, creating statistics, carrying out communication activities, conducting and monitoring legal affairs and transactions, carrying out risk management processes, carrying out audit processes, and conducting reconciliation processes with supplier companies. |
Having a legitimate interest (Art. 5/2-f of the PDPL). |
|
Identity Information |
Fulfilling the obligations within the scope of prevention of laundering proceeds of crime, conducting internal audit activities, providing information to authorised persons, institutions and organisations, managing risk assessment processes in accordance with the Insurance Legislation, and carrying out identity verification processes. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Contact Information |
Submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, performing current reconciliation and collection transactions, carrying out addendum transactions, collecting policy premiums by credit card, creating accounting records, appointing claim adjusters and appraisals, providing assistance services, creating policy proposals, conducting damage investigations, preparing damage files and reconciliation of payment as a result of damage, monitoring of uncertain damage files, making and following up subrogation claims against insurance companies and third parties, evaluating and responding to subrogation claims submitted by insurance companies and third parties, providing services within the scope of the insurance contract to third parties who are the beneficiaries or interested parties of the insurance contract, carrying out communication activities, informing through communication tools regarding the policy proposal, execution of the insurance contract you have signed with our agencies, identification of the transactor, execution of insurance reinsurance and coinsurance processes. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Contact Information |
Ensuring the security of payment information, making bank payments, querying the policy information of the insured through Aksigorta systems, conducting call centre activities, evaluating customer requests, suggestions and complaints, verifying the phone number, managing risk assessment processes in accordance with the Insurance Legislation, creating requests via the "Ada Recieve Proposal" page, creating records via the "Corporate Customer Registration Form". |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Contact Information |
Conducting marketing, advertising and campaign processes, managing commercial electronic message permissions in accordance with the obligations arising from Law No. 6563 on the Regulation of Electronic Commerce and the secondary legislation ("Electronic Commerce Legislation"), |
Explicit consent (Art. 5/1 of the PDPL). |
|
Contact Information |
Carrying out customer satisfaction surveys and interviews, creating statistics, carrying out communication activities, conducting and monitoring legal affairs and transactions, carrying out risk management processes, carrying out audit processes, and conducting reconciliation processes with supplier companies. |
Having a legitimate interest (Art. 5/2-f of the PDPL). |
|
Contact Information |
Fulfilling the obligations within the scope of prevention of laundering proceeds of crime, managing risk assessment processes in accordance with the Insurance Legislation, conducting internal audit activities, providing information to authorised persons, institutions and organisations, and carrying out identity verification processes. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Occupational Experience Information |
Submission of policy proposals and renewal proposals, issuance of policies, calculation and reporting of policy premiums, and querying policy information of the insured through Aksigorta systems. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Occupational Experience Information |
Executing processes related to subrogation claims to insurance companies and third parties, executing subrogation processes submitted by insurance companies and third parties, conducting call centre processes, submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, fulfilling the obligations under the insurance contract, carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities. |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Occupational Experience Information |
Fulfilling the obligations within the scope of prevention of laundering proceeds of crime and carrying out identity verification processes. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Physical Information |
Submitting policy proposals and renewal proposals, issuing policies, and calculating and reporting policy premiums. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Physical Information |
Submitting policy proposals and renewal proposals, issuing policies, and managing risk assessment processes in accordance with the Insurance Legislation. |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Physical Information |
Managing risk assessment processes in accordance with the Insurance Legislation, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, and carrying out storage and archive activities. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Legal Proceeding Information |
Carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities, carrying out information and transaction security processes, conducting communication activities, evaluating and responding to subrogation claims submitted by insurance companies and third parties, execution of risk management processes, fulfilling the obligations within the scope of prevention of laundering proceeds of crime. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Legal Proceeding Information |
Carrying out internal audit activities, providing information to authorised persons, institutions and organisations, executing processes regarding subrogation claims to insurance companies and third parties, executing subrogation processes submitted by insurance companies and third parties, carrying out premium collection and refund processes, carrying out compensation processes, fulfilling the obligations under the insurance contract, fulfilling the obligations arising from the legislation, monitoring legal affairs, carrying out storage and archive activities, |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Legal Proceeding Information |
Carrying out risk management processes, carrying out audit processes, and carrying out insurance reinsurance and coinsurance processes. |
Having a legitimate interest (Art. 5/2-f of the PDPL). |
|
Customer Transaction Information |
Submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, performing current reconciliation and collection transactions, carrying out addendum transactions, creating accounting records, appointing claim adjusters and appraisals, providing assistance services, creating policy proposals, conducting damage investigations, preparing damage files and reconciliation of payment as a result of damage, monitoring of uncertain damage files, making and following up subrogation claims against insurance companies and third parties, evaluating and responding to subrogation claims submitted by insurance companies and third parties, providing services within the scope of the insurance contract to third parties who are the beneficiaries or interested parties of the insurance contract, identification of the transactor, executing insurance reinsurance and coinsurance processes. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Customer Transaction Information |
Executing processes regarding subrogation claims to insurance companies and third parties, executing subrogation processes submitted by insurance companies and third parties, conducting premium collection and refund processes, carrying out compensation processes, conducting provision processes with health institutions and other institutions, conducting call centre processes, submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, fulfilling the obligations under the insurance contract, collecting policy premiums by credit card, carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities. |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Customer Transaction Information |
Carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities, carrying out information and transaction security processes, conducting communication activities, evaluating and responding to subrogation claims submitted by insurance companies and third parties, carrying out risk management processes. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Financial Information |
Submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, performing current reconciliation and collection transactions, creating accounting records, making payment reconciliation as a result of damage, providing services within the scope of the insurance contract to third parties who are the beneficiaries or interested parties of the insurance contract, querying policy information of the insured through Aksigorta systems, carrying out payment and accounting processes, fulfilling the obligations under the insurance contract, carrying out premium collection and refund processes, carrying out compensation processes, carrying out provision processes with health institutions and other institutions, executing insurance reinsurance and coinsurance processes. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Financial Information |
Executing processes regarding subrogation claims to insurance companies and third parties, executing subrogation processes submitted by insurance companies and third parties, conducting premium collection and refund processes, carrying out compensation processes, conducting provision processes with health institutions and other institutions, conducting call centre processes, submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, fulfilling the obligations under the insurance contract, collecting policy premiums by credit card, carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities. |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Financial Information |
Carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities, carrying out information and transaction security processes, evaluating and responding to subrogation claims submitted by insurance companies and third parties, carrying out risk management processes. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Financial Information |
Carrying out risk management processes, carrying out audit processes, conducting reconciliation processes with supplier companies, executing insurance reinsurance and coinsurance processes, and conducting communication activities |
Having a legitimate interest (Art. 5/2-f of the PDPL). |
|
Transaction Security |
Querying policy information of the insured through Aksigorta systems, carrying out payment and accounting processes, fulfilling the obligations under the insurance contract, carrying out premium collection and refund processes, carrying out compensation processes, and carrying out provision processes with health institutions and other institutions. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Transaction Security |
Fulfilling the obligations under the insurance contract, collecting policy premiums by credit card, carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing technological improvements, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities. |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Transaction Security |
Carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities, carrying out information and transaction security processes, and carrying out risk management processes. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
|
Transaction Security |
Carrying out risk management processes, carrying out audit processes, conducting reconciliation processes with supplier companies, and conducting communication activities. |
Having a legitimate interest (Art. 5/2-f of the PDPL). |
|
Marketing Information |
Conducting marketing, advertising and campaign processes, managing commercial electronic message permissions, and managing communication activities in accordance with the obligations arising from Law No. 6563 on the Regulation of Electronic Commerce and the secondary legislation ("Electronic Commerce Legislation"). |
Explicit consent (Art. 5/1 of the PDPL). |
|
Special Categories of Personal Data |
Submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, fulfilling the obligations under the insurance contract, carrying out identity verification processes, performing the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, and carrying out storage and archive activities. |
Explicitly stipulated in the Laws (Art. 6/2-b of the PDPL). |
|
Special Categories of Personal Data |
Submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, fulfilling the obligations under the insurance contract, performing the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, and carrying out storage and archive activities. |
Establishment, exercise or protection of a right (Art. 6/2-d of the PDPL). |
|
Other Data |
Submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, performing current reconciliation and collection transactions, carrying out addendum transactions, creating accounting records, appointing claim adjusters and appraisals, providing assistance services, creating policy proposals, conducting damage investigations, preparing damage files and reconciliation of payment as a result of damage, monitoring of uncertain damage files, making and following up subrogation claims against insurance companies and third parties, evaluating and responding to subrogation claims submitted by insurance companies and third parties, providing services within the scope of the insurance contract to third parties who are the beneficiaries or interested parties of the insurance contract, carrying out communication activities, informing through communication tools regarding the policy proposal, execution of the insurance contract you have signed with our agencies, identification of the transactor, execution of insurance reinsurance and coinsurance processes. |
Necessary for the establishment or performance of a contract (Art. 5/2-c of the PDPL). |
|
Other Data |
Querying policy information of the insured through Aksigorta systems, executing processes regarding subrogation claims to insurance companies and third parties, executing subrogation processes submitted by insurance companies and third parties, conducting premium collection and refund processes, carrying out compensation processes, conducting provision processes with health institutions and other institutions, conducting call centre processes, submitting policy proposals and renewal proposals, issuing policies, calculating and reporting policy premiums, fulfilling the obligations under the insurance contract, carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities, executing insurance reinsurance and coinsurance processes. |
Establishment, exercise or protection of a right (Art. 5/2-e of the PDPL). |
|
Other Data |
Carrying out identity verification processes, fulfilling the obligations arising from the legislation, providing information to authorised persons, institutions and organisations, monitoring legal affairs, carrying out storage and archive activities, carrying out information and transaction security processes, evaluating and responding to subrogation claims submitted by insurance companies and third parties, carrying out risk management processes. |
Fulfilment of the legal obligation of the data controller (Art. 5/2-ç of the PDPL). |
4. Transfer of Personal Data
Aksigorta acts in accordance with the decisions and relevant regulations stipulated in Articles 8 and 9 of the Law and taken by the Personal Data Protection Board regarding the transfer of personal data. In this context, our Company transfers personal data provided that the necessary security measures are taken and limited to the purposes specified in this Privacy Notice.
However, personal data is shared with courts and other public institutions due to and limited to our legal obligations. In addition, personal data may be transferred to third parties within the framework of a contractual relationship in order to provide services within the scope of our field of activity and to perform quality control of the services provided. In this context, your personal data may be shared with business partners with whom we cooperate domestically and whose services we benefit from, including companies providing software support services, lawyers, consultants, and, business partners, service providers and/or third parties acting as intermediary service providers from whom we cooperate and/or receive services, authorized agents/brokers, reinsurers, claim adjusters, assistance companies, provision service organizations, other insurance companies, health institutions, Insurance Information and Monitoring Center, Financial Crimes Investigation Board (MASAK), Undersecretariat of Treasury General Directorate of Insurance and the relevant official authorities, supervisory and regulatory public institutions and organizations within the framework of the Insurance Law and other legislation provisions, contracted banks and, in accordance with the legislation, with the cloud service provider located abroad and with which we cooperate in order to carry out storage and archive activities, and reinsurers where necessary for the provision of services.
5. Data Subject Rights
By applying to our Company, which is the Data Controller; You have the right to inquire whether your personal data is processed, request information if it has been processed, inquire about the purpose of processing your personal data and whether it is used in accordance with its purpose, inquire whether it is transferred domestically or abroad, request rectification if it is incomplete or incorrectly processed, request compensation for your damage in case you suffer damage due to unlawful processing of your personal data, request its erasure or destruction.
In order to exercise your rights specified in the Law, you can send the form in which you will clearly specify which of your rights you want to exercise in writing to the address specified below by hand delivery, mail or cargo or notary public, to our registered electronic mail (KEP) address with secure electronic signature and mobile signature or to the e-mail address specified below via your e-mail address previously notified to us and registered in our system. Written applications from the data subject to our Company containing the above-mentioned requests will be responded within 30 (thirty) days. If you are acting on behalf of someone else in the matter you are requesting, you must be specially authorised and your authorisation must be documented, the application must contain identity and address information and documents certifying your identity must be attached to the application.
Contact Us
Since our Company must keep the personal data of the data subjects accurate and up-to-date pursuant to Article 4 of the Law, you are required to share accurate and up-to-date data with Aksigorta in order to fulfil these obligations. In case your personal data changes for any reason, we kindly ask you to update your information by visiting your profile page in our application. If you have any questions or concerns regarding our practices of this Privacy Notice or if you have an access request, you can contact us at the address below.
Title: Aksigorta A.Ş.
MERSIS number: 0035-0003-0220-0016
E-mail: kvkk@aksigorta.com.tr
Telephone number: 0216 280 88 88
Contact Address: Poligon Cad. Buyaka 2 Sitesi, No:8 Kule:1, Kat: 0-6 Ümraniye 3477 İstanbul-Türkiye