Privacy Notice (Istanbul)
Privacy Notice for Third Parties
1. INTRODUCTION
On 7 April 2016 the Turkish Data Protection Law (the "TDPL") came into force in Turkey. As part of our implementation we are obliged to provide our customers, vendors and suppliers ("Third Parties") with a privacy notice. This notice is prepared to inform you about the personal data that Japan Bank for International Cooperation ("JBIC") possesses relating to you, how you can expect your personal data to be used and for what purposes. JBIC is established at 4-1 Ohtemachi 1-chome Chiyoda-ku 100-8144 Tokyo Japan. This Privacy Notice covers the data processing activities pursued by JBIC via its liaison office in Istanbul, Turkey.
JBIC is a "data controller". This means that we are responsible for deciding how we collect and process personal data about you.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.
2. DATA PROTECTION PRINCIPLES
We will comply with data protection law. This says that the personal data we process must be:
- (a) Used lawfully, fairly and in a transparent way.
- (b) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- (c) Relevant to the purposes we have told you about and limited only to those purposes.
- (d) Accurate and kept up to date.
- (e) Kept only as long as necessary for the purposes we have told you about.
- (f) Kept securely.
3. THE KIND OF INFORMATION WE COLLECT
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The personal data we collect in the course our relation with Third Parties is very limited. We collect only information about their personnel (name, company name, department, title, photographs, company address, work email addresses, telephone numbers, fax numbers, educational background, work history, qualifications, bank account number, information about transactions and payment between us and Third Parties).
4. HOW YOUR PERSONAL DATA IS COLLECTED
We may collect personal data about you through oral, written, electronic or other automatic or non-automatic means including:
- in the course of our contracts (or negotiations) with Third Parties; and/or
- from business cards.
5. HOW WE WILL USE YOUR PERSONAL DATA
5.1. Purpose of processing personal data
We will only process your personal data when the law allows us to. Most commonly, we will process your personal data in the following circumstances by automatic or non-automatic means:
- (a) Where we need to perform the contract we have entered into with you.
- (b) Where we need to comply with any legal obligations.
- (c) Where it is mandatory for our legitimate interests fundamental rights do not override those interests.
- (d) Where data processing is mandatory for the establishment, exercise or protection of any right
We may also use your personal data in the following situations, which are likely to be rare:- (i) Where processing is mandatory for the protection of the life or physical integrity of the person or any other person who is bodily incapable of giving their consent or whose consent is not deemed legally valid.
- (ii) Where you made the personal data available to the public.
- (iii) Where there is clear provision in the laws regarding the processing.
5.2. Situations in which we will use your personal data
We may process your information predominantly for the purposes stated under the Annex:
Some of the grounds stated in the Annex for processing will overlap and there may be several grounds, which justify our use of your personal data.
Visitors to Company offices
When attending our offices, you may be asked to provide identification documents to clear our security checks. Security cameras (CCTV) are installed at our office in order to maintain the safety and security of our workplace, employees and visitors.
6. SHARING YOUR PERSONAL DATA
We may share your personal data:
- with other Company affiliated entities in Turkey or abroad on a confidential basis for the performance of our contracts and/or in compliance with our legislative and regulatory requirements;
- with accounting firms, for auditing and accounting purposes and with law firms ;
- with Turkish and Japanese public authorities, regulators, courts and law enforcement agencies as necessary; and
- in other circumstances where we have your express consent to do so.
6.1 Transferring information outside of Turkey
Provided that we have your explicit consent, we may transfer the personal data we collect about you from our representative offices in Turkey to our head office in Japan or other representative offices of JBIC outside Turkey and in order to perform the activities and our contract with you and more specifically, the activities set out in paragraph 5.2 above.
Moreover we ensure that your personal data receives adequate protection and is treated in a way that is consistent with and which respects applicable laws on data protection.
7. DATA SECURITY
We will take reasonable steps to ensure that the information that we hold about you is kept confidential and secure. In addition to personal data being kept electronically, we may also store physical documents on file.
8. DATA RETENTION
8.1 Retention of your personal data
We will retain your personal data only for as long as is reasonably necessary fulfil the purposes we collected it for, in the circumstances and in compliance with our legislative and regulatory requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
8.2 Updating your personal data
Should you wish to amend the personal data that we hold for you, please contact Chief Representative. We will not be responsible for any losses arising directly or indirectly from any inaccurate and/or incomplete information provided to us by you
9. YOUR RIGHTS
Pursuant to Article 11 of the TDPL by law you have the right to:
- request access to the personal data which we hold about you, and be informed whether your personal data is processed and if so provide information regarding the personal data processed;
- request to be informed of the purposes of the data processing and whether their personal data has been used for the intended purposes
- request correction of personal data;
- request to be informed of whom your personal data is or may be disclosed in Turkey or outside of Turkey;
- request the restriction of processing your personal data; and
- request the deletion of your personal data if JBIC is no longer under a legal obligation to process such data. JBIC can also refuse to delete your data if in its view it requires the information for defence of legal claims against it.
- Request that the third parties to whom their personal data has been transferred are notified regarding the operations carried out with respect to their aforementioned requests
- Request to be informed whether or not JBIC carries out automated decision-making and the logic involved in any such decision-making, and to object to the unfavourable consequences resulted by such.
- request compensation for any damages arising from the unlawful processing of your personal data
If you wish to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact Chief Representative in writing.
10. COOKIES
Our website uses cookies (small data files which are downloaded to your computer) so that we can recognise that your computer has visited the site before. We do not use cookies to identify you, just to improve your experience of the site. If you do not wish to use the cookies, you can amend the settings on your internet browser so that it will not automatically download cookies. This will not prevent you from accessing or using our website.
We monitor visits to our website and record the IP addresses of visitors to our website. This information does not identify you as an individual, and allows you to navigate our website more easily. For further information please visit https://www.jbic.go.jp/en/cookie-policy.html
11. STATUS OF THIS PRIVACY NOTICE
We review this privacy notice regularly and reserve the right to revise it or any part of it from time to time to reflect changes in the law, information security and technology practices or in the way in which we process your personal data.
12. CONTACT INFORMATION
If you have any questions about this privacy notice, or want to submit a written question or request to us about how we handle your personal data, please contact us at "JBIC-istoffice_admin@jbic.go.jp". Chief Representative. Please make sure that your application to us complies with the Turkish Data Protection Authority's (KVKK) applicable regulations.
You may also have the right to submit a complaint to the relevant supervisory authority in your jurisdiction.
Annex:
| Purposes | Legal basis for processing | ||
|---|---|---|---|
| Allows us to perform our contract with you |
Enables us to comply with legal obligations |
Pursue our legitimate interests of our own | |
| Entering into the contracts | ● | Business management and operations | |
| Performing the contract we are about to enter into or have entered into | ● | ● | |
| Maintaining and developing our relationship with Third Party/ies | Business management and operations | ||
| Facilitating our internal business operations including accounting, billing, collections, payments and auditing | ● | ● | Business management and operations |
| Fulfilling our legal and regulatory obligations | ● | ||
| For internal sharing of information necessary for our business | ● | Ensuring corporate governance to comply with obligations under laws, regulations and norms; and Business management and operations |
|
| Maintaining safety and security of our workplaces and employees | Ensuring safety and security of our workplaces and employees | ||