VakıfBank web presence — Cerezgo® enterprise privacy modules were reliably brought into operation.
Cerezgo® Privacy Centre — Nesil Teknoloji

VakıfBank — A Bank-Scale Privacy Experience with Cerezgo®

For VakıfBank, one of Türkiye's largest public banks, the Privacy Centre software was integrated end to end with cookie/tracking management, explicit consent, privacy notices, auditable records and multilingual content structures. The solution made KVKK compliance a natural part of the user experience without compromising performance or accessibility.

  • Single Centre
    Privacy & Preferences
  • Auditable
    Time-stamped consent
  • Multilingual
    TR · EN (expandable)
  • SLA/SLO
    Enterprise operations

Programme Footprint

  • Domains: vakifbank.com.tr and selected subdomains
  • Multilingual content: TR · EN (expandable structure)
  • Central panel: brand, text and category management
  • Script/tag orchestration: no triggering without consent

KPIs & Conversion

≥99.9%
Availability target
≤100ms
Overhead (outside the critical path)
Fully Traceable
Consent and version records

Values are a representative target set; aligned with the organisation's SLOs.

Architecture: Bank-Scale Cerezgo® Positioning

Scanning & Classification
Automatic cookie/inventory scanning, provider/purpose mapping, category policies.
> Output: category matrix · retention policy
Consent Orchestration
Multi-layer banner, detailed preference screen, sensitivity for child users, explicit reject/accept.
> Rule: no tracking without consent (block-before-consent)
Records & Audit
Time-stamped, immutable (append-only) records; version, language and user preference context.
> Export: CSV/JSON/PDF evidence packages
Integration & Performance: CDN/edge caching · asynchronous loading · triggering outside the critical path · rollback plan.

Records, Reporting and Audit

AreaControl ExampleStatusNote
KVKKPrivacy notice · explicit consent · applicationsImplementedMultilingual text and records
ISO 27001Logging · change managementImplementedAudit trails ready
ISO 27701Privacy roles/responsibilitiesImplementedPIMS alignment
5651 (opt.)Time stamp · integrityOptionalEnabled when required
WCAG 2.2 AAAccessible interfaceImplementedPeriodic review

Accessibility and Visual Standards

  • Keyboard navigation, focus indicators, ARIA labels
  • Contrast/readability tests; reducing icon/colour dependency
  • Mobile-first, stable interaction under high traffic

Colour & Brand Alignment

For brand identity alignment, the yellow tones are managed via --accent and --accent-2.

Contrast Compliance
Keyboard Access

Governance, Operations and SLA/SLO

RACI & Process

  • RACI: Legal/KVKK, Information Security, Digital Channels, Marketing
  • Change management (CAB), controlled go-live and rollback
  • Monitoring: error/performance dashboards, alerts and escalation
CriterionTargetDescription
Availability≥ 99.9%Multi-region service and CDN
Latency≤ 100ms overheadOutside the critical path, async loading
Incident Response< 15 min initiation24/7 monitoring & escalation
Change WindowWeeklyApproved package and rollback

Targets are representative; finalised with the organisation's SLOs.

Cerezgo® Modules

  • Automatic scanning, provider/purpose-based classification
  • Multi-layer banner; detailed preference screen
  • Versioning of policies and retention periods
  • No triggering without consent; conditional loading per category/provider
  • Secure management of embedded media and marketing tags
  • Fast distribution with CDN/edge support
  • Time-stamped, immutable records (append-only approach)
  • Export: CSV/JSON/PDF; for finding closure and audits
  • Trend dashboards: domain/page/category/provider breakdown

Outcome and Impact

Compliance
KVKK requirements integrated into the experience
Transparency
Explicit consent & clear notices
Operations
Central management · auditable records

Note: This content has been prepared for general information purposes. The VakıfBank brand and logo are used only as a reference in the context of project presentation. Technical details have not been shared due to confidentiality policies.