Data subject is entitled to access personal data processed by the Bank.
In the cases provided for in the Personal Data Protection Law, data subject is entitled to request data deletion, as well as processing restriction.
The right which is also guaranteed in the Law is the right to data correction and updating, however, please note that in banking business relation, data correction and updating are stipulated obligation of the Bank’s client, and such obligation is implemented in accordance with respective agreement, in majority of cases, by providing evidence indicating which data need to be corrected (e.g. change in ID, address, etc.).
Under the conditions stipulated in the Personal Data Protection Law, data subject is entitled to personal data transferability i.e. to receive from the Bank any data which have been provided to the Bank by data subject, for the purpose of transfer to other controller, as well as the right that data on such subject are directly transferred to other controller by the Bank if it is technically feasible and if, in accordance with the assessment by the Bank, necessary personal data transfer security standard has been ensured. For the time being, such standards have not been defined yet at the banking sector level.
If deemed reasonable in terms of particular situation, data subject whose data are processed is entitled to, at any time, provide the Bank, as the controller, with complaint regarding processing of his/her personal data, in accordance with the Personal Data Protection Law, also including profiling based on such Law.
If the Bank fails to act upon request of person whose data are processed, it must, without any delay, notify such person on reasons of such failure within the term stipulated in the law and instruct such person on his/her right to file complaint to the Commissioner or to file claim to respective court.