Privacy Policy

Türkiye İş Bankası A.Ş.​

Privacy Policy

Updated and effective as of 7 November​ 2021


This Privacy Policy is divided into the following sections:

About Us
Contacting Us
Data protection principles
Personal information we collect
What we do with your personal information
Disclosure of your personal information to third parties
International transfers
Security of your personal information
How long we keep your personal information
Your rights
Exercising your rights
Cookies and other tracking technologies
Changes to our Privacy Policy


At Türkiye İş Bankası A.Ş., we are committed to respecting your privacy. This Privacy Policy explains how we collect, use and disclose personal information that we receive when you visit and use this website (the “Site”), use our services, communicate with us, or otherwise interact with us, whether online or offline.

It is important that you read this Privacy Policy so that you are fully aware of how and why we are using your data. 

The Site is owned and operated by Türkiye İş Bankası A.Ş. London Branch, with UK establishment number BR001619 and having its registered address at 1 Bartholomew Lane, London, EC2N 2AX (“Isbank London”, “we”, “our”, and “us”). Isbank London is an overseas branch of Türkiye İş Bankası A.Ş., a company incorporated in Turkey and having its registered address at İş Kuleleri 34330, Levent İstanbul, Turkey.

Isbank London is registered as a data controller with the Information Commissioner’s Office under data protection registration number Z7781846. 


If you have any questions about our Privacy Policy or your information, or wish to exercise any of your rights as described in this Privacy Policy or under data protection laws, you can contact our Head of Compliance at: 

By post:

FAO Head of Compliance
Türkiye İş Bankası A.Ş. 
1 Bartholomew Lane, London, EC2N 2AX​

By email:​​


Information you give us

You may provide us with personal information, including when you:

  • use the Site;
  • sign-up for and use our services;
  • request additional information about our business or ask us to contact you; and
  • communicate with us (whether through the Site, by email or phone).
The categories of personal information you provide may include:

  • Identification data, such as name, age, address, address history, passport details, National Insurance number;​
  • Contact details, such as email address and phone number;​
  • Employment information, such as job title and employer; and
  • Financial details, such as your salary and outgoings;
  • Family information, such as information about your dependants, marital status, next of kin;
  • Account details, such as username and password;
  • Communication data, such as information you tell us in your communications with us.
We will indicate to you where the provision of certain personal information is required in order for us to provide you certain services. If you choose not to provide such personal information, we may not be able to provide the services you have requested. 

Information we process automatically

​If you use our banking services, we will process information relating to your use of those services, including:

  • Transaction data, such as payments made, money received etc.
  • Product and service history, regarding the services and products you currently use or have requested from us previously.​
We also collect, store and use information about your use of the Site, and about your computer, tablet, mobile or other device through which you access the Site. This includes the following information:

  • Technical Data: including the Internet protocol (IP) address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location; and
  • Usage Data: including the full Uniform Resource Locators (URL), clickstream to, through and from the Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, and website navigation and search terms used,​
  • (referred to together in this Privacy Policy as “Technical and Usage Data”).

    Information we collect from third parties

    We may also collect information about you from third parties, including:

    • other members of our corporate group members, for example, where we both have a relationship with you;
    • credit reference and fraud prevention agencies for the purposes of running background checks (“Background Data”) and for fraud detection and prevention purposes;
    • other banks (where permitted by law);
    • public authorities and government bodies, such as HMRC; and
    • publicly available sources (where legally permitted), such as the press, the electoral register, company registers, social media networks and online search engines.​
    • Aggregated Data

    We may also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal information but is anonymised and is not considered personal information as it will not directly or indirectly reveal your identity. 


    The Site is not intended for or directed at children under the age of 16 years and we do not knowingly collect information relating to children under this age.


    As data controller, we will only use your personal information if we have a legal basis for doing so. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below.

    Types of data Purposes for which we will process the informati​on Legal Basis for the processing
    Identification data, financial details, account details, transaction data To enable you to access and use the Site and to allow us to supply our services to you (including executing your instructions, processing transactions, making payments to third parties etc.). Performance of a contract.
    Identification data, employment information, financial details, family information, product and service history, background data To assess and process applications for products or services. Such processing is necessary to enter into a contract with you.
    Identification data, contact details, financial details, transaction data, communications data To respond to complaints and provide you with information and materials that you request from us.

    It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate and develop business.

    Compliance with a legal obligation.

    Identification data, contact details, account details To send you information regarding changes to our policies, other terms and other administrative information such as reminders, technical notices, updates and security alerts.

    It is in our legitimate interests to ensure that any changes to our policies, terms and other such technical updates are communicated to you. ​

    Compliance with a legal obligation.

    Technical and usage data, account details, contact details To administer our website including resolving technical issues, troubleshooting, data analysis, testing, research, statistical and survey purposes It is in our legitimate interests to continually monitor and improve our services and to ensure network security.
    Technical and usage data To improve our website to ensure that content is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access the website. Consent.
    Identification data, account details, technical and usage data, financial details, transaction data

    To obey laws and regulations that apply to us.


    Compliance with a legal obligation.
    Identification data, contact details, product and service history, transaction data To enforce our agreements with you and recover any sums you owe to us. It is in our legitimate interests to enforce our agreements with you and recover outstanding sums you owe us.
    Identification data, contact details, financial details, transaction data, background data To share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where required by law. Compliance with a legal obligation.
    Technical and usage data To provide you with interest based advertisements on the Site. Consent.
    Identification data, account details, technical and usage data, financial details, transaction data, background data To detect and prevent fraud and other harmful activity, conduct investigations and risk assessments, verify any identifications provided by you, and conduct checks against databases and information sources for risk assessment and harm prevention purposes.

    Compliance with a legal obligation.


    It is in our legitimate interests to carry out such checks to ensure prevention against fraud and other harmful activity and that the Site is safe and secure.​


We may share your personal information with our third party service providers and business partners who assist with the running of the Site and the operation of our business including third party hosting providers. Our third party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions. 

In addition, we may disclose information about you to achieve the purposes set out above:

  • to our professional advisers including lawyers, auditors and insurers;
  • with other members of our corporate group, to the extent reasonably necessary to achieve the purposes set out in this privacy policy;
  • with credit reference or fraud prevention agencies;
  • with debt collection agencies;
  • in the event that we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
  • with law enforcement and other governmental agencies; if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation. We will use commercially reasonable efforts to notify you where this is the case, to the extent permitted by law; or
  • with other third parties (such as courts) in order to enforce or apply our contracts or to establish, exercise or defend the rights of Isbank London, its staff or other related persons.​
If you ask us to, we will share information with any third party that provides you with account information or payment services. If you ask a third-party provider to provide you with account information or payment services, you’re allowing that third party to access information relating to your account. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.

We will not sell, rent, lease or otherwise share your personal information except as outlined in this Privacy Policy or without obtaining your consent beforehand.

Why we share personal information with credit reference agencies (“CRAs”)

When you apply for our services, we will perform credit and identity checks on you with one or more CRAs. We may also make periodic searches at CRAs to manage your account with us.

To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We use this information for various purposes, including to:

  • assess your creditworthiness and suitability for our services;
  • verify the accuracy of the data you have provided to us;
  • prevent criminal activity, fraud and money laundering;​
  • manage your account(s);
  • trace and recover debts; and
  • ensure any offers provided to you are appropriate to your circumstances.​
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

For more information about how CRAs use your personal information, you can read Experian’s Credit Reference Agency Information Notice​​.​


As set out above, we share your data with other members of our corporate group, including in Turkey where Türkiye İş Bankası A.Ş. has its headquarters. This involves transferring your personal data outside the United Kingdom (“UK”) and the European Economic Area (“EEA”). Some of our service providers and business partners are also located outside the UK and the EEA. 

Where personal information is transferred to and stored in a country not determined by the UK or European Commission as providing adequate levels of protection for personal information, we take steps to provide appropriate safeguards to protect your personal information, including entering into standard contractual clauses approved by the UK or the European Commission, obliging recipients to protect your personal information.

If you would like further information on the specific mechanism used by us when transferring your personal information outside of the UK or the EEA, please contact us using the details set out in the Contacting Us section above.


We use appropriate technical and organisational security measures to protect personal information both online and offline from unauthorised use, loss, alteration or destruction. We use physical and procedural security measures to protect information from the point of collection to the point of destruction. Your personal data is encrypted in transit and at rest. Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal information.

Despite these precautions, however, we cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal information. 


We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  • Right of access. You have the right to obtain access to your personal information.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
  • Right to object. You have a right to object to any processing based on our legitimate interests in certain circumstances. 
  • Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent but without affecting the lawfulness of processing based on consent before its withdrawal.​

Please note that not all of the above rights are absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. 

For example, we may refuse a request for erasure of personal information where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive.​


You can exercise any of your rights as described in this Privacy Policy and under data protection laws by contacting us as provided in the Contacting Us section above.

Save as described in this Privacy Policy or provid​ed under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.


We use cookies and similar technologies on the Site for various purposes, including improving your experience of the Site. For more information about cookies and why we use these, please refer to our Cookies​ Policy.


The Site may, from time to time, contain links to and from the websites of our business partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have th​eir own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.


If you have any questions or concerns regarding our Privacy Policy or practices, please contact us as provided in the Contacting Us section above. You also have the right to complain to the UK Information Commissioner’s Office (https://ico.​org.​uk/​). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


We reserve the right to change this Privacy Policy from time to time. Any changes will be posted on the Site with an updated revision date. If we make any material changes to this Privacy Policy, we may notify you by email or by means of a prominent notice on the Site prior to the change becoming effective.​