VakıfBank — A Bank-Scale Privacy Experience with Cerezgo®
For VakıfBank, one of Türkiye's largest public banks, the Privacy Centre software was integrated end to end with cookie/tracking management, explicit consent, privacy notices, auditable records and multilingual content structures. The solution made KVKK compliance a natural part of the user experience without compromising performance or accessibility.
- Single CentrePrivacy & Preferences
- AuditableTime-stamped consent
- MultilingualTR · EN (expandable)
- SLA/SLOEnterprise operations
Programme Footprint
- Domains: vakifbank.com.tr and selected subdomains
- Multilingual content: TR · EN (expandable structure)
- Central panel: brand, text and category management
- Script/tag orchestration: no triggering without consent
KPIs & Conversion
Values are a representative target set; aligned with the organisation's SLOs.
Architecture: Bank-Scale Cerezgo® Positioning
Consent Management and the Preference Experience
- Pre-consent blocking: third-party scripts/cookies blocked until permission is given
- Fine-tuning: category/provider/purpose-based selection, detailed notices
- Multilingual text management and retention periods
Rates are representative; verified with organisation-specific measurements.
Records, Reporting and Audit
| Area | Control Example | Status | Note |
|---|---|---|---|
| KVKK | Privacy notice · explicit consent · applications | Implemented | Multilingual text and records |
| ISO 27001 | Logging · change management | Implemented | Audit trails ready |
| ISO 27701 | Privacy roles/responsibilities | Implemented | PIMS alignment |
| 5651 (opt.) | Time stamp · integrity | Optional | Enabled when required |
| WCAG 2.2 AA | Accessible interface | Implemented | Periodic review |
Accessibility and Visual Standards
- Keyboard navigation, focus indicators, ARIA labels
- Contrast/readability tests; reducing icon/colour dependency
- Mobile-first, stable interaction under high traffic
Colour & Brand Alignment
For brand identity alignment, the yellow tones are managed via --accent and --accent-2.
Governance, Operations and SLA/SLO
RACI & Process
- RACI: Legal/KVKK, Information Security, Digital Channels, Marketing
- Change management (CAB), controlled go-live and rollback
- Monitoring: error/performance dashboards, alerts and escalation
| Criterion | Target | Description |
|---|---|---|
| Availability | ≥ 99.9% | Multi-region service and CDN |
| Latency | ≤ 100ms overhead | Outside the critical path, async loading |
| Incident Response | < 15 min initiation | 24/7 monitoring & escalation |
| Change Window | Weekly | Approved package and rollback |
Targets are representative; finalised with the organisation's SLOs.
Cerezgo® Modules
- Automatic scanning, provider/purpose-based classification
- Multi-layer banner; detailed preference screen
- Versioning of policies and retention periods
- No triggering without consent; conditional loading per category/provider
- Secure management of embedded media and marketing tags
- Fast distribution with CDN/edge support
- Time-stamped, immutable records (append-only approach)
- Export: CSV/JSON/PDF; for finding closure and audits
- Trend dashboards: domain/page/category/provider breakdown
Outcome and Impact
Note: This content has been prepared for general information purposes. The VakıfBank brand and logo are used only as a reference in the context of project presentation. Technical details have not been shared due to confidentiality policies.