Information Obligation in Accordance with Articles 13 and 14 of GDPR (No: 2016/679) and the Article 10 of Personal Data Protection Law, (PDPL, No: 6698)
The following information is intended to give you an overview of the personal data processed by Ininal during your uses and transactions on Ininal card and other products and services and also to inform you about your data protection rights.
1. Data Controller responsible for data processing and Contact Person
İninal Elektronik Para Ve Ödeme Hizmetleri A.Ş.
Mecidiyeköy Yolu Caddesi No:12 | Trump Towers 2. Kule | Kat:9 N:448| Şişli/İstanbul
2. Method and Legal Reason of Collecting your personal data
We collect information about you from different places including:
directly from you
from a third party acting on your behalf
from publicly available sources
when we generate it ourselves
from other organisations.
We’ll only use your information in accordance with Articles (4, 5) and (6) of the PDPL, where we have your consent or we have another lawful reason for using it. Unless we say otherwise below, we’ll use your personal information on the basis that it’s within our legitimate interests in operating and maintaining the site, and providing you with site functionality and related services. We also use information to meet our compliance obligations, to comply with other laws (such as the one no. 6493 on payment service providers) and regulations and to share with regulators and other authorities that Ininal is subject to. This may include using it to help detect or prevent crime including terrorism financing, money laundering and other financial crimes. We collect and process your personal data almost electronically, via e-mail, call center, user account etc. and obtain your personal data in order to be able to present the products and/or services we offer within the legal framework and our legitimate interest.
3. For what purposes and on what legal basis is your personal data processed?
The company use the collected personal data according to the provisions laid down in GDPR and PDPL to:
Execute the Information Security Processes;
Receiving lost/stolen Card notifications,
Suspending your account or Blocking the card when necessary,
Fulfillment of confirmation procedures such as SMS, 3D Secure for physical and online purchases,
Ensure the Security of Data Controller Operations:
Fulfilling mandatory identification and verification procedures to ensure the highest level of personal, financial and commercial data security in electronic payment services
Managing our legal business processes such as KYC (Know Your Customer), AML (Anti-Money Laundering), anti-fraud (Fraud Prevention) and combat other illegal transactions, especially financial security processes,
Opening a User Account,
Execute Product / Service Sales Processes,
Carry out our obligations from any contracts entered into between you and us
Provide Information to Authorized Persons, Institutions and Organizations:
Responding to information-document requests of institutions/organizations that we have an audit and notification obligation such as judicial authorities, The Central Bank of the Republic of Turkey, Banking Regulation and Supervision Agency, Financial Crimes Investigation Board,
Execute / Supervise Business Activities:
Monitoring and controling of limited uses,
Identification in line with unlimited usage request,
Card printing and sending to the user,
Execution of transfer, conversion into funds and balance transactions for electronic money issuance request,
Execute Finance and Accounting Affairs;
Collection and accounting of electronic money refund/withdrawal, balance loading via mobile application, transfers to be made from ininal mobile application and other platforms that offer money transfer services over ininal infrastructure, and fees and commissions to be charged in case of electronic money being converted into funds
Market our Products / Services:
Planning and/or management of activities such as data analysis, research, proposal submission, statistical study, understanding trends in order to carry out the marketing processes of İninal Kart, products and/or services,
Sending commercial electronic messages to promote new İninal products and services within the scope of customer relations management,
Complete the necessary approval and activation processes for campaigns and discounts,
Carry out support and customer service processes such as information, announcements, contracted workplaces, campaigns, rewards points applications, regarding card usage
Complying with the Legislation:
Fulfilling our legal obligations in the legislation to which payment service providers are subject to.
Execute Storage and Archive Activities,
Manage Maintenance / Repair Processes,
Respond to your queries and feedback (for example, Evaluation of refund requests in expenditure objections)
Fulfil Notification Obligations Regarding Public Audits
4. Is data disclosed to a part?
Under certain conditions outlined in laws; ● no. 6493 on payment service providers ● no. 5549 on Prevention of Laundering Proceeds of Crime Law ● no.5651 on Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publication,) -known as “the Internet Law”), We may disclose your information;
●in order to provide you with products or services you’ve requested (for example, if they’re not provided by the Ininal entity operating this site), ● if we have a legitimate interest in doing so (for example, to manage risk, verify your identity, to combat fraud, abuse of our site or services), ● or where you’ve agreed to us doing so.; we may share your data with banks, law office, group companies, SMS companies,
●We may share your information with the competent public authorities who we’re under an obligation to disclose information to prevent or detect fraud, abuse of our site or services, or where it’s in the public interest ( for example to The Central Bank of the Republic of Turkey, Ministry of Treasury and so), ● and also to any of our service providers.
●Providing publicity and awareness about Ininal products and services in social media, video platforms, etc., establishing the necessary infrastructure and services for corporate electronic communication channels, providing data security with the required information systems; Within the scope of using applications such as instant messages, which is widely and inevitably used in daily life in order to carry out business activities quickly and effectively; We can share your data via our IT Outsourcers, Whatsapp,
●We also share your some data with the representatives of foreign / international organizations such as MasterCard, Visa, Troy or private institutions and organizations in order to carry out their activities as a representative of the company,
Your personal data shared through these tools and channels are processed on the servers and systems of those companies located abroad. You can take a look at the Privacy Policies of the relevant organizations regarding the security measures taken by the suppliers providing these services to protect your personal data given below:
5. Data retention
In accordance with the Art 7 in the Law, KVK no: 6698; We process and store your personal data as long as it is necessary for the fulfilment of legal obligations such as the laws no 6493 and 5549 and our legitimate interests. If the storage of personal data is no longer necessary for the fulfilment of these obligations, it will be deleted, unless there are legal obligations to retain such data (i.e. the Internet Law No: 5651 mentioned above), or such as commercial and fiscal obligations of for the preservation of evidence within the framework of statutory limitation rules.
6. Rights of the data subject
You have the following rights with regard to your personal data:
Right to information
Right to rectification or erasure
Right to restriction of processing
Right to object
Right to data portability
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
However, firstly you also have the option of contacting to the Contact Person of Data Controller mentioned above at Ininal.
If you have given us your consent (Art. 5/1 PDPL, Art. 6(1/a) GDPR), you can revoke it at any time with effect for the future.
If we base the processing of your personal data on legitimate interests (Art. 6(1/f) GDPR), you may object to the processing. In the event of such an objection, we kindly ask you to explain why we should not process your personal data. In the event of a justified objection, we will examine the situation and either discontinue or adapt the data processing or point out legitimate reasons why we will continue the processing, likewise in the Law, PDPL no: 6698
You can object to the processing of your personal data for advertising purposes at any time.
7. Submission of the Application
Pursuant to paragraph 1 of Article 13 of the PDPL, you can send your request for exercising your rights specified in article 11 of the same Law, to the Contact Person [email@example.com] by using the registered e-mail (REM) address or the e-mail address that you have previously notified to our company and registered in our system, or to our company's contact address in writing in person.
8. How to contact with the appropriate authority
Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact with the Personal Data Protection Authority (KVKK) in Turkey that contact details given below.
Kişisel Verileri Koruma Kurumu
Nasuh Akar Mahallesi,
Ziyabey Cad. 1407. Sok. No:4,
Tel : +90 312 216 50 00 Web: www.kvkk.gov.tr