Personal data is any type of information about a real person whose identity is certain or identifiable. Corporate Treasury Managers’ Association (KHYD) processes personal data for the purposes in this clarification text, and the legal grounds for which data is processed with regard to these purposes as well as the way of collecting, transferring, processing such data are also defined by this clarification text.

Processing personal data

KHYD requests people and/or third parties to share only the personal data required for the purposes explained below and agreed by the clients.

In cases where KHYD must process personal data to provide professional service, the third parties must meet all legal requirements if they share personal data about their employees, contractors and other people with KHYD including but not limited to informing relevant people of the anticipated disclosure of the information and of the purpose and scope of the process of information processing handled by KHYD and getting their consent. The third parties can guide the relevant people for drawing on this statement.

KHYD processes the relevant personal data for the purposes below:

  1. Administration, management and development of the activities and services

KHYD processes the personal data to carry out its own activities, activities to be carried out with business partners and the following:

  • Management, planning and performance of relations with third parties, planning and/or monitoring processes, monitoring demands and/or complaints;
  • Improving activities
  • Analyzing and evaluating the power of interaction with the third parties
  • Planning and performance of market research activities for marketing and/or promotion of activities;
  • Ensuring that the data is accurate and up to date;
  • Using and updating IT technologies (Includes also providing treasury management, internal financing reporting, information technologies (IT) services, and using storage, hosting, maintenance, support, cloud and/or centrally distributed server system);
  • Informing authorized people and/or organizations about the regulations;
  • Hosting events;
  • Managing website, systems and applications;
  • Monitoring financial and/or accounting and legal procedures.
  1. Providing information on itself and service groups

Unless stated otherwise by the third parties, KHYD uses third party contact information that it considers to be relevant for itself and its activities (e.g. sectoral updates and foresights, other services related to events and event invitations).

KHYD does not market and/or, for any other purpose, disclose the personal data in its systems for third parties except its business partners to market their own products and services without permission of the relevant people.

  1. Safety, quality and risk management activities

KHYD has safety measures in place to protect its own and third party information (including personal data). These include identifying, investigating and resolving safety threats. Personal data can be processed as part of the safety monitoring, and automatic scanning etc. can be carried out for identifying malicious e-mails. Services provided to third parties for enhancing the service quality are monitored in a way that includes also processing of the personal data kept in the relevant third party file.

Such data is processed per each legal reason below:

  • being projected by relevant laws,
  • legal obligation
  • legitimate interest,

Provided that network and information safety is ensured, risks are managed and quality of services is checked and fundamental rights and liberties of the relevant person is not damaged, personal data must be processed where explicitly projected by relevant laws or when data processing is required for establishing, using or protecting a right, for protecting the legitimate interests of KHYD.

Cause of action

This personal data is automatically processed in the electronic environment on the basis of the legal ground that “it must be required for legitimate interest of the data supervisor provided that fundamental rights and liberties of the relevant person are not damaged” as stated in the article 5 of the Law 6698 on Personal Data Protection, and shared with express consent of the relevant people.