Privacy Notice

INTERBANK CARD CENTER INC.
TROY

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

As Bankalararası Kart Merkezi Anonim Şirketi (“BKM” or “our Company”), we respect the rights related to personal data of everyone who visits Turkey’s Payment Method TROY website (https://troyodeme.com/) and contacts us, including through our social media accounts. In this regard, we act with due diligence and care to fulfill all our obligations as a data controller under the Law No. 6698 on the Protection of Personal Data (“Law”), which aims to safeguard fundamental rights and freedoms in the processing of personal data. We take the necessary measures accordingly.
In line with this responsibility, and pursuant to the Law and the Communiqué on the Principles and Procedures to be Followed in Fulfilling the Obligation to Inform published in the Official Gazette dated 10/03/2018 and numbered 30356, this Privacy Notice aims to inform you about the personal data processed by our Company.


1. Data Controller

In accordance with the Law and applicable regulations, our Company acts as the “Data Controller” in respect of personal data obtained through written or electronic communication via the email address provided on the TROY website, verbal communication via the phone number shared on the TROY website, and through social media accounts.

2. Processed Personal Data

The term “your personal data” used in this Privacy Notice refers to any information that identifies or can be used to identify you or a third party. Without limitation, this typically includes your name, surname, Turkish ID number, card information, location of the transaction, email address, and phone number.

3. Purposes of Processing Personal Data

Your personal data are processed for the purpose of fulfilling the products and services offered by our Company within the legally defined framework, and to enable BKM to properly and accurately fulfill its contractual and legal obligations.

4. Transfer of Processed Personal Data

Your personal data may be transferred, in accordance with the provisions of the Law regarding the transfer of personal data and in compliance with Articles 8 and 9 of the Law, to card issuers, card acquirers, member merchants, contracted business partners, and legally authorized public institutions, as well as judicial and administrative authorities upon request, for the purposes of enabling the uninterrupted use of Turkey’s Payment Method TROY, managing customer evaluation/complaint processes, reputation investigation processes, legal compliance processes, audits, and ensuring the security of our website.

5. Methods and Legal Grounds for Collecting Personal Data

Your personal data are collected physically or electronically based on the personal data processing conditions set forth under Articles 5 and 6 of the Law, and on the following legal grounds: where explicitly stipulated by law; where necessary for the establishment, exercise, or protection of a right; where necessary for our Company to fulfill its legal obligations; where directly related to the conclusion or performance of a contract; where the data subject has made the data publicly available; and where necessary for the legitimate interests of our Company.

6. Your Rights as the Data Subject

Pursuant to Article 11 of the Law, as the data subject, you have the following rights regarding your personal data:

  • To learn whether your personal data are being processed,
  • To request information if your personal data have been processed,
  • To learn the purpose of the processing of your personal data and whether they are used in accordance with that purpose,
  • To know the third parties to whom your personal data are transferred domestically or abroad,
  • To request the correction of your personal data if they are incomplete or inaccurate and, in this context, to request that the relevant changes be notified to third parties to whom the personal data have been transferred,
  • To request the deletion or destruction of your personal data in case the reasons requiring their processing no longer exist, and to request that this be notified to third parties to whom the personal data have been transferred,
  • To object to any outcome against you that arises as a result of the analysis of your personal data exclusively through automated systems,
  • To request compensation for any damages you may have suffered due to the unlawful processing of your personal data.



You may submit your requests regarding your personal data at any time through the following methods:

Written application:
Bankalararası Kart Merkezi A.Ş.
Nispetiye Cad. Akmerkez E-3 Blok Kat:2-3
Etiler/Beşiktaş İstanbul

Via Registered Electronic Mail (KEP) using a secure electronic signature or mobile signature: bkm@hs02.kep.tr

By using the email address previously provided to BKM and registered in BKM’s system: kisiselveri@bkm.com.tr

Your application will be concluded free of charge as soon as possible, and no later than thirty (30) days from the date of receipt, depending on the nature of your request. However, if the process requires additional cost, a fee may be charged in accordance with the tariff set by the